Sebastien Blot
dbdf3ad1bb
wip
2024-03-21 10:27:52 +01:00
marco
95f38d97d8
explicit message for 404
2024-03-19 15:33:55 +01:00
marco
c325c2765d
(wip) lp metrics
2024-03-19 15:33:55 +01:00
Thibault "bui" Koechlin
b1c09f7512
acquisition : take prometheus level into account ( #2885 )
...
* properly take into account the aggregation level of prometheus metrics in acquisition
2024-03-13 14:57:19 +01:00
mmetc
1eab943ec2
crowdsec: remove warning if prometheus port is taken during cold logs processing ( #2857 )
...
i.e. remove a "Warning: port is already in use" because it's probably LAPI
2024-03-07 14:36:28 +01:00
mmetc
98560d0cf5
bin/crowdsec: avoid writing errors twice when log_media=stdout ( #2876 )
...
* bin/crowdsec: avoid writing errors twice when log_media=stdout
simpler, correct hook usage
* lint
2024-03-07 12:29:10 +01:00
mmetc
d8877a71fc
lp metrics: collect datasources and console options ( #2870 )
2024-03-05 14:56:14 +01:00
mmetc
41b43733b0
fix: log stack trace while computing metrics ( #2865 )
2024-03-01 10:52:35 +01:00
mmetc
d34fb7e8a8
log processor: share apiclient in output goroutines ( #2836 )
2024-02-13 14:22:19 +01:00
Thibault "bui" Koechlin
3208a40ef3
Dedicated whitelist metrics ( #2813 )
...
* add proper whitelist metrics : both its own table and an extension to acquis metrics to track discarded/whitelisted lines
2024-02-06 18:04:17 +01:00
mmetc
6507e8f4cd
cscli: don't print use_wal warning ( #2794 )
2024-01-30 11:07:53 +01:00
mmetc
8c75efdb2a
lint: disallow naked returns ( #2771 )
2024-01-24 17:31:34 +01:00
blotus
421ef3bf9c
add cpu-profile flag ( #2723 )
2024-01-16 11:40:29 +01:00
mmetc
0ef5f20aa7
bin/crowdsec: avoid writing errors twice when log_media=stdout ( #2729 )
...
* bin/crowdsec: avoid writing errors twice when log_media=stdout
* lint
2024-01-12 14:44:09 +01:00
blotus
5d5a1117e1
Send installed appsec rules as part of the scenarios on login ( #2704 )
2024-01-08 14:33:53 +01:00
Sebastien Blot
ecd1a8bfed
Revert "Send installed appsec rules as part of the scenarios on login"
...
This reverts commit f99f003a50
.
2024-01-08 10:54:39 +01:00
Sebastien Blot
f99f003a50
Send installed appsec rules as part of the scenarios on login
2024-01-08 10:54:07 +01:00
mmetc
6e34d609b7
cscli: silence cwhub logger for non-hub related commands ( #2675 )
2023-12-19 17:20:09 +01:00
mmetc
4acb4f8df3
cwhub: context type ( #2631 )
...
* add hub type "context"
* cscli lapi: log.Fatal -> fmt.Errorf; lint
* tests for context.yaml
* load console context from hub
* original & compiled context
* deprecate "cscli lapi context delete"
$ cscli lapi context delete
Command "delete" is deprecated, please manually edit the context file.
* cscli completion: add appsec-rules, appsec-configs, explain, hubtest
2023-12-07 16:20:13 +01:00
Thibault "bui" Koechlin
8cca4346a5
Application Security Engine Support ( #2273 )
...
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)
The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)
---------
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
2023-12-07 12:21:04 +01:00
mmetc
90d3a21853
CI: use go 1.21.5 ( #2640 )
...
* use go 1.21.5
* Simpler go:build directives
2023-12-06 12:38:36 +01:00
mmetc
1ab4487b65
cscli hub list: show only non-empty tables with -o human
...
* agent config: remove unused LintOnly bool
* Item.IsLocal() -> Item.State.IsLocal(); split method InstallStatus()
* cscli hub list: show only non-empty tables with -o human
2023-12-05 13:38:52 +01:00
Laurence Jones
05c1825622
Add to dump after postoverflow so we can test within hubtest ( #2511 )
...
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
2023-11-28 13:18:41 +00:00
mmetc
ffcab0b2bc
Refactor hub management and cscli commands ( #2545 )
2023-11-24 15:57:32 +01:00
mmetc
9235f55c47
Refact pkg/cwhub (part 4) ( #2518 )
...
* generalize function: GetInstalledItems, GetInstalledItemsAsString
* extracted function itemKey, happy path
* review comments / remove redundant; rename file to remove build tags
* remove unused fields in Item struct
* unix build tag
2023-10-05 09:35:03 +02:00
Laurence Jones
702da0f59a
[enhancement] cscli explain --labels ( #2461 )
...
* Add label support for explain and allow user to provide multiple labels
* Change my mind about empty string
* Add debug and im an idiot 😄
2023-09-11 14:18:04 +01:00
mmetc
b562103024
Make: build with debug symbols in func tests or if DEBUG=1; drop BUILD_VENDOR_FLAGS ( #2443 )
2023-08-28 15:58:26 +02:00
mmetc
2aa55e9444
move plugins/notifications/* to cmd/notification-* ( #2429 )
...
This ensures keeping all dependencies in sync, and simplifies
packaging under freebsd/gentoo/etc because there is a single
vendor directory.
2023-08-24 09:46:25 +02:00
mmetc
caaed7c515
Timeout on shutdown while waiting for events to be flushed ( #2423 )
2023-08-16 21:03:15 +02:00
mmetc
ffadd42779
update dependency on go-cs-lib; drop the pkg/ part ( #2393 )
2023-07-28 16:35:08 +02:00
mmetc
5cb7013575
Check cscli preconditions with crowdsec-cli/require package ( #2388 )
2023-07-27 17:02:20 +02:00
mmetc
1a6f12c88e
Build target for "make tidy" ( #2378 )
...
The make tidy target runs "go mod tidy" in the root directory and all plugins.
2023-07-26 10:24:37 +02:00
Manuel Sabban
9ac5aeda79
fix the ci by adding the ability to enforce event ordering ( #2347 )
...
* fix the ci by adding the ability to enforce event ordering
2023-07-20 11:41:30 +02:00
mmetc
3c16139c44
Reduce log verbosity at startup ( #2363 )
...
A configuration syntax test is performed every time the service is
started from systemd. The resulting error, if any, is shown on
journalctl logs.
This PR removes the unnecessary output in crowdsec.log generated by the
configuration test.
2023-07-19 13:28:52 +02:00
mmetc
9967d60987
errors.Wrap -> fmt.Errorf ( #2333 )
2023-07-06 10:14:45 +02:00
mmetc
a910b7beca
non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) ( #2309 )
...
This on the other hand, gives a new fatal error when there are no valid datasources.
In the previous version, crowdsec kept running with just a warning if no
acquisition yaml or dir were specified.
2023-06-27 10:13:13 +02:00
mmetc
62caffb102
update leakybucket readme ( #2298 )
2023-06-22 15:35:01 +02:00
mmetc
fddf597040
errors.Wrap -> fmt.Errorf; clean up imports ( #2297 )
2023-06-22 15:01:34 +02:00
mmetc
4e2c9c185b
Implement "crowdsec -fatal" flag; change help message ( #2266 )
...
The -trace...-fatal flags do not change the log destination but only the
verbosity. This change reflects that, and implements "-fatal" which was missing.
2023-06-08 15:06:06 +02:00
mmetc
8da9d5eefd
don't log notification error if not running under systemd ( #2274 )
2023-06-08 15:04:48 +02:00
mmetc
9ccdddaab1
CI: refactor makefile for plugins and vendor target ( #2256 )
2023-06-05 23:15:18 +02:00
mmetc
2a8e97d558
show option -winsvc only under windows ( #2258 )
2023-06-05 13:49:31 +02:00
mmetc
1f9f81da70
makefiles: de-duplicate, simplify and remove unused code ( #2222 )
2023-05-25 10:32:05 +02:00
mmetc
534328ca30
decouple bouncer dependencies: use go-cs-lib/pkg/* ( #2216 )
...
* decouple bouncer dependencies: use go-cs-lib/pkg/trace
* decouple bouncer dependencies: use go-cs-lib/pkg/version
* decouple bouncer dependencies: use go-cs-lib/pkg/yamlpatch
* decouple bouncer dependencies: use go-cs-lib/pkg/csstring
* unused import
2023-05-23 10:52:47 +02:00
mmetc
e1f5ed41df
Implement "cscli config show-yaml" ( #2191 )
2023-05-11 21:01:13 +02:00
mmetc
6b744884b0
Update deps to latest stable: go-systemd, tail, cobra, lumberjack, testify ( #2164 )
2023-04-12 16:58:11 +02:00
blotus
1e018bdaf8
Wait for both api and agent chans if necessary when daemonize is false or running on windows ( #2155 )
2023-04-04 15:16:48 +02:00
mmetc
38ab6be7c2
Allow feature.yml to change available subcommands ( #2156 )
2023-04-03 10:11:56 +02:00
mmetc
ea6401ce09
CI: Static builds by default; replace bincover with go -cover from 1.20 ( #2150 )
...
* Makefile: build static binaries only
* Replace bincover with go -cover from 1.20
* CI: Fix timing issue between lapi and agent containers
2023-03-30 15:05:09 +02:00
blotus
61bea26486
Add transform
configuration option for acquisition ( #2144 )
2023-03-29 16:04:17 +02:00