diff --git a/config/acquis.yaml b/config/acquis.yaml index f41173a2e..e3e0399b0 100644 --- a/config/acquis.yaml +++ b/config/acquis.yaml @@ -8,7 +8,6 @@ labels: filenames: - /var/log/auth.log - /var/log/syslog -#no need to set the prog_name, syslog format contains this info labels: type: syslog --- diff --git a/docs/getting_started/glossary.md b/docs/getting_started/glossary.md index 69ce8ea57..c9c63c94a 100644 --- a/docs/getting_started/glossary.md +++ b/docs/getting_started/glossary.md @@ -41,7 +41,7 @@ filenames: #a list of file or regexp to read from (supports regular expressions) - /var/log/nginx/https_access.log - /var/log/nginx/error.log labels: - prog_name: nginx + type: nginx --- filenames: - /var/log/auth.log @@ -49,7 +49,7 @@ labels: type: syslog ``` -The `labels` part is here to tag the incoming logs with a type. `labels.prog_name` and `labels.type` are used by the parsers to know which logs to process. +The `labels` part is here to tag the incoming logs with a type. `labels.type` are used by the parsers to know which logs to process. ### **Parser** diff --git a/docs/write_configurations/acquisition.md b/docs/write_configurations/acquisition.md index fa30976a7..7e9fa0c28 100644 --- a/docs/write_configurations/acquisition.md +++ b/docs/write_configurations/acquisition.md @@ -6,14 +6,14 @@ There is two option: - Your logs are wrote from a syslog server, so you just have to install the [syslog parser](https://master.d3padiiorjhf1k.amplifyapp.com/author/crowdsecurity/configurations/syslog-logs) - You're log are read from a log file. Please add this kind of configuration in your `acquis.yaml` file: -ⓘ the `prog_name` is the one that the parser in `s01-parse` filter will need to match. +ⓘ the `type` is the one that the parser in `s01-parse` filter will need to match. ``` --- filename: labels: - prog_name: + type: ``` Here an example: @@ -25,7 +25,7 @@ Here an example: --- filename: /var/log/nginx/access.log labels: - prog_name: nginx + type: nginx ```
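Review bot: in the `config/acquis.yaml` hunk, the comment above `labels:` is deleted outright rather than reworded, so the file no longer tells the reader why `type: syslog` is sufficient for `/var/log/auth.log` and `/var/log/syslog`. The removed line carried a real explanation (the syslog format already contains the program name). Consider keeping it in updated form, for example `#type: syslog is enough, the syslog format contains the program name`.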
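Review bot: in the second `docs/getting_started/glossary.md` hunk (`@@ -49,7 +49,7 @@`), the rewritten sentence now has a singular subject with a plural verb: "`labels.type` are used by the parsers". With `labels.prog_name` dropped it should read "`labels.type` is used by the parsers to know which logs to process."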
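Review bot: in the first `docs/write_configurations/acquisition.md` hunk (`@@ -6,14 +6,14 @@`), the reworded note says `type` is what the `s01-parse` filter must match, but nothing in this patch tells users with an existing `prog_name:` label what to do. Since the glossary states the label is how parsers know which logs to process, a stale label means a log source that is read but never parsed. Please add a sentence saying whether `prog_name` is still accepted or must be renamed to `type`. The template also leaves `type:` and `filename:` without any placeholder value, which is easy to copy as-is.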
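Review bot: in the last `docs/write_configurations/acquisition.md` hunk (`@@ -25,7 +25,7 @@`), the example keeps the singular key `filename: /var/log/nginx/access.log`, while `config/acquis.yaml` and the glossary example in this same patch use `filenames:` with a list. Since these lines are being touched anyway, align the example with whichever form the acquisition loader actually reads, or state in the doc that both are accepted.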