2020-05-15 14:58:24 +00:00
# Write the acquisition file (optional for test)
In order for your log to be processed by the good parser, it must match the filter that you will configure in your parser file.
2020-08-05 09:24:34 +00:00
There are two options:
2020-05-15 14:58:24 +00:00
2020-08-05 09:24:34 +00:00
- Your logs are written by a syslog server, so you just have to install the [syslog parser ](https://master.d3padiiorjhf1k.amplifyapp.com/author/crowdsecurity/configurations/syslog-logs )
- Your logs are read from a log file. Please add this kind of configuration in your `acquis.yaml` file:
2020-05-15 14:58:24 +00:00
2020-08-05 09:24:34 +00:00
ⓘ the `type` will be matched by the parsers's `filter` in stage `s01-parse` .
2020-05-15 14:58:24 +00:00
2020-08-05 09:24:34 +00:00
```yaml
2020-05-15 14:58:24 +00:00
---
filename: < PATH_TO_YOUR_LOG_FILE >
labels:
2020-06-30 08:35:19 +00:00
type: < PROGRAM_NAME >
2020-05-15 14:58:24 +00:00
```
Here an example:
< details >
< summary > Nginx acquisition< / summary >
```yaml
---
filename: /var/log/nginx/access.log
labels:
2020-06-30 08:35:19 +00:00
type: nginx
2020-05-15 14:58:24 +00:00
```
< / details >
< details >
< summary > Nginx parser filter< / summary >
```yaml
---
filter: evt.Parsed.program == 'nginx'
```
< / details >
