update crowdsec tour documentation (#713)

Co-authored-by: AlteredCoder <AlteredCoder>
AlteredCoder 2021-03-22 17:17:33 +01:00 committed by GitHub
parent 4166d9ff48
commit 1f2f6c87d5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -52,6 +52,43 @@ INFO[0000] POSTOVERFLOWS:
```
</details>
## Installing configurations
```bash
sudo cscli <configuration_type> install <item>
```
`configuration_type` can be:
- [`parsers`](https://docs.crowdsec.net/Crowdsec/v1/references/parsers/)
- [`scenarios`](https://docs.crowdsec.net/Crowdsec/v1/references/scenarios/)
- [`postoverflows`](https://docs.crowdsec.net/Crowdsec/v1/references/postoverflows/)
- [`collections`](https://docs.crowdsec.net/Crowdsec/v1/references/collections/)
They can be found and browsed on the {{v1X.hub.htmlname}}
## Upgrading configurations
```bash
sudo cscli <configuration_type> upgrade <item>
```
`configuration_type` can be:
- [`parsers`](https://docs.crowdsec.net/Crowdsec/v1/references/parsers/)
- [`scenarios`](https://docs.crowdsec.net/Crowdsec/v1/references/scenarios/)
- [`postoverflows`](https://docs.crowdsec.net/Crowdsec/v1/references/postoverflows/)
- [`collections`](https://docs.crowdsec.net/Crowdsec/v1/references/collections/)
They can be found and browsed on the {{v1X.hub.htmlname}}
## List active decisions
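Review bot: The `configuration_type` list and the closing hub sentence appear verbatim under both "Installing configurations" and "Upgrading configurations"; stating the four types once and referring to that list from both sections would keep the two copies from drifting apart. Both sections also show only the placeholder form (`sudo cscli <configuration_type> install <item>`) with no concrete invocation, so a reader has no filled-in example to copy. The sentence "They can be found and browsed on the {{v1X.hub.htmlname}}" is missing its final period in both places.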
@ -202,9 +239,12 @@ The `Acquisition Metrics` is a great way to know if your parsers are setup corre
The `Parser Metrics` will let you troubleshoot eventual parser misconfigurations :
- **HITS** is how many events where fed to this specific parser
- **PARSED** and **UNPARSED** indicate how many events successfully come out of the parser
For example, if you have a custom log format in nginx that is not supported by the default parser, you will end up seeing a lot of **UNPARSED** for this specific parser, and 0 for **PARSED**.
For more advanced metrics understanding, [take a look at the dedicated prometheus documentation](/Crowdsec/v1/observability/prometheus/).
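Review bot: In the `Parser Metrics` bullets, "how many events where fed" should read "were fed", and the second bullet describes both **PARSED** and **UNPARSED** as events that "successfully come out of the parser", which conflicts with the nginx example directly below it, where an unsupported log format shows up as **UNPARSED**. Suggest splitting that bullet so PARSED covers events the parser handled and UNPARSED covers events it did not. "eventual parser misconfigurations" would also read more naturally as "possible parser misconfigurations".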
@ -228,15 +268,6 @@ sudo tail -f /var/log/crowdsec.log
- `/var/log/crowdsec.log` is the main log, it shows ongoing decisions and acquisition/parsing/scenario errors.
- `/var/log/crowdsec_api.log` is the access log of the local api (LAPI)
## Installing collections
```bash
sudo cscli collections install crowdsecurity/nginx
```
Collections are bundles of parsers/scenarios that form a coherent ensemble to analyze/detect attacks for a specific service. It is the most common way to deploy configurations.
They can be found and browsed on the {{v1X.hub.htmlname}}
## Scalability
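Review bot: Removing the "Installing collections" section drops the only explanation in these hunks of what a collection is ("bundles of parsers/scenarios that form a coherent ensemble to analyze/detect attacks for a specific service") and the statement that it is the most common way to deploy configurations, together with the one concrete command, `sudo cscli collections install crowdsecurity/nginx`. The generic "Installing configurations" section added earlier in this patch mentions `collections` only as a link in a list, so suggest carrying the definition sentence and this command over to it as the worked example.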