How to setup Syslog Acquisition for the CrowdSec Security Engine
Premiered Sep 4, 2023

This video is the webinar we did about the Syslog acquisition module within the Security Engine. As promised, our support specialist also added a section about Podman at the end of the video. Enjoy!

Openresty default configuration: https://raw.githubusercontent.com/cro...

Podman commands, in order:
podman pod create --publish 127.0.0.1:7070:80 --volume crowdsec_etc:/etc/crowdsec/ --volume openresty:/usr/local/openresty/ openresty
podman run -d --pod $POD -e COLLECTIONS="crowdsecurity/nginx" -e DISABLE_PARSERS="crowdsecurity/whitelists" crowdsecurity/crowdsec:v1.5.2
podman run -d --pod $POD -e API_URL=http://127.0.0.1:8080 -e API_KEY= crowdsecurity/openresty

Chapters:
00:00 Intro
00:08 Webinar
26:04 Podman example
26:24 Podman version
26:58 Podman pod create
27:25 Podman volume create
27:50 Podman pod created
28:00 Set pod id as env var
28:30 CrowdSec container
29:55 CrowdSec health check
30:26 Podman volume inspect
30:48 Editing mounted volume configuration
30:52 Acquis.yaml
31:05 Syslog example configuration
31:30 Bouncers add openresty
32:00 Pre fix an issue
32:53 Add openresty container
34:10 Configure openresty to use syslog
35:50 Restart CrowdSec container
36:00 Test setup and show metrics

GET STARTED WITH CROWDSEC:
🎓 CrowdSec Academy - https://academy.crowdsec.net/
💡 CrowdSec Blog - https://www.crowdsec.net/blog
📁 CrowdSec Docs - https://docs.crowdsec.net/


ABOUT CROWDSEC:
CrowdSec is an open-source and collaborative intrusion prevention and detection system that analyzes visitor behavior and provides an adapted response to all kinds of attacks. It also leverages crowd power to generate a global IP reputation database to protect the user's network. Using a collaborative approach, CrowdSec generates a real-time crowdsourced CTI (Cyber Threat Intelligence) database: when a malicious IP is identified and blocked locally, it is then shared with the community. Visit https://www.crowdsec.net/ to learn more.

And, if you like what we do, let us know about it with a review on G2: https://www.g2.com/products/crowdsec/...