crowdsec/docs/cheat_sheets/config-mgmt.md
erenJag 4f9d252a15
Add the documentation into crowdsec repo (#3)
2020-05-15 16:58:24 +02:00


{{cli.bin}} allows you to install, list, update/upgrade and remove configurations: parsers, enrichers and scenarios.

The parsers, enrichers and scenarios installed on your machine together form a coherent set that provides the detection capabilities.

Parsers, Scenarios and Enrichers are often bundled together in "collections" to facilitate configuration.

Parsers, scenarios, enrichers and collections all follow the same principle:

  • {{cli.bin}} install parser crowdsec/nginx-logs
  • {{cli.bin}} update collection crowdsec/base-http-scenarios
  • {{cli.bin}} remove scenario crowdsec/mysql-bf

Please see your local {{cli.bin}} help for up-to-date documentation.

List configurations

{{cli.bin}} list

Note: the -a flag also lists configurations that are available but not installed.

{{cli.name}} list example
$ {{cli.bin}} list
INFO[0000] Loaded 9 collecs, 14 parsers, 12 scenarios, 1 post-overflow parsers 
INFO[0000] PARSERS:                                     
--------------------------------------------------------------------------------------------------------------------
 NAME                       📦 STATUS    VERSION  LOCAL PATH                                                        
--------------------------------------------------------------------------------------------------------------------
 crowdsec/nginx-logs        ✔️  enabled  0.3      /etc/crowdsec/config/parsers/s01-parse/nginx-logs.yaml        
 crowdsec/geoip-enrich      ✔️  enabled  0.4      /etc/crowdsec/config/parsers/s02-enrich/geoip-enrich.yaml     
 crowdsec/syslog-logs       ✔️  enabled  0.4      /etc/crowdsec/config/parsers/s00-raw/syslog-logs.yaml         
 crowdsec/whitelists        ✔️  enabled  0.4      /etc/crowdsec/config/parsers/s02-enrich/whitelists.yaml       
 crowdsec/http-logs         ✔️  enabled  0.4      /etc/crowdsec/config/parsers/s02-enrich/http-logs.yaml        
 crowdsec/dateparse-enrich  ✔️  enabled  0.4      /etc/crowdsec/config/parsers/s02-enrich/dateparse-enrich.yaml 
--------------------------------------------------------------------------------------------------------------------
INFO[0000] SCENARIOS:                                   
-----------------------------------------------------------------------------------------------------------------------
 NAME                             📦 STATUS    VERSION  LOCAL PATH                                                     
-----------------------------------------------------------------------------------------------------------------------
 crowdsec/http-scan-uniques_404   ✔️  enabled  0.4      /etc/crowdsec/config/scenarios/http-scan-uniques_404.yaml  
 crowdsec/http-crawl-non_statics  ✔️  enabled  0.4      /etc/crowdsec/config/scenarios/http-crawl-non_statics.yaml 
-----------------------------------------------------------------------------------------------------------------------
INFO[0000] COLLECTIONS:                                 
-------------------------------------------------------------------------------------------------------------------
 NAME                          📦 STATUS    VERSION  LOCAL PATH                                                    
-------------------------------------------------------------------------------------------------------------------
 crowdsec/linux                ✔️  enabled  0.2      /etc/crowdsec/config/collections/linux.yaml               
 crowdsec/nginx                ✔️  enabled  0.2      /etc/crowdsec/config/collections/nginx.yaml               
 crowdsec/base-http-scenarios  ✔️  enabled  0.1      /etc/crowdsec/config/collections/base-http-scenarios.yaml 
-------------------------------------------------------------------------------------------------------------------
INFO[0000] POSTOVERFLOWS:                               
--------------------------------------
 NAME  📦 STATUS  VERSION  LOCAL PATH 
--------------------------------------
--------------------------------------

For {{parsers.htmlname}}, {{scenarios.htmlname}} and {{collections.htmlname}}, the output includes, besides the name, version and local path, a STATUS column:

  • ✔️ enabled: configuration is up-to-date
  • ⚠️ enabled,outdated: a newer version is available
  • 🚫 enabled,local: configuration is not managed by {{cli.name}}
  • ⚠️ enabled,tainted: configuration has been locally modified

(see {{cli.name}} upgrade to upgrade/sync your configurations with {{hub.htmlname}})
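As an added example (not part of the crowdsec docs), a small POSIX shell check that reads a `{{cli.bin}} list` listing and reports every item whose STATUS carries a qualifier (outdated, tainted or local), so drift from the hub is visible before you upgrade. The binary name `cscli` and the sample rows are assumptions.

```shell
# Added example, not from the crowdsec docs: flag hub items whose STATUS is
# not plain "enabled" (outdated, tainted or local) so configuration drift is
# reported before `cscli upgrade --all` is run. `cscli` is assumed to be the
# binary behind {{cli.bin}}.

# Constructed sample listing in the table format shown on this page.
SAMPLE_LISTING=' NAME                       📦 STATUS           VERSION  LOCAL PATH
 crowdsec/nginx-logs        ✔️  enabled           0.3      /etc/crowdsec/config/parsers/s01-parse/nginx-logs.yaml
 crowdsec/http-logs         ⚠️  enabled,outdated  0.4      /etc/crowdsec/config/parsers/s02-enrich/http-logs.yaml
 crowdsec/whitelists        ⚠️  enabled,tainted   0.4      /etc/crowdsec/config/parsers/s02-enrich/whitelists.yaml
 crowdsec/my-custom-parser  🚫 enabled,local     0.1      /etc/crowdsec/config/parsers/s01-parse/my-custom-parser.yaml'

# drifted_configs: read a listing on stdin and print "<name> <status>" for
# every row whose status carries a qualifier. Rows are recognised by a
# "vendor/item" name in the first column; the status token is located by
# value, not position, so the emoji column may be present or absent.
drifted_configs() {
    awk '
        index($1, "/") > 0 {
            st = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^enabled/) { st = $i; break }
            }
            if (st != "" && st != "enabled") print $1, st
        }
    '
}

# drift_count: number of drifted rows, usable as a pass/fail signal in a
# scheduled config audit.
drift_count() {
    drifted_configs | wc -l | tr -d ' '
}

# Stand-alone run: report drift on the constructed sample, then on the live
# install when cscli is present (INFO lines and table are merged so the
# parser sees the rows whichever stream they are written to).
printf '%s\n' "$SAMPLE_LISTING" | drifted_configs
if command -v cscli >/dev/null 2>&1; then
    cscli list -a 2>&1 | drifted_configs
fi
```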

Install new configurations

{{cli.bin}} install parser|scenario|postoverflow <name> [--force]

  • {{cli.bin}} install parser crowdsec/nginx-logs
  • {{cli.bin}} install scenario crowdsec/http-scan-uniques_404

Remove configurations

{{cli.bin}} remove parser|scenario|postoverflow <name> [--force]

Upgrade configurations

Upgrade a specific scenario:

{{cli.bin}} upgrade scenario crowdsec/http-scan-uniques_404

Upgrade all scenarios:

{{cli.bin}} upgrade scenario --all

Upgrade all configurations (parsers, scenarios, collections, postoverflows):

{{cli.bin}} upgrade --all