Text only | Text with Images

OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: gerstepe on December 16, 2025, 03:47:35 PM

Title: custom crowdsec parser for os-opnwaf
Post by: gerstepe on December 16, 2025, 03:47:35 PM
Hi,

i'm using the Web Application Firewall from the Business Edition (os-OPNWAF) and wanted to integrate it into CrowdSec.
I tried to configure the Apache error log in crowdsec aquisitions and added the apache2 and modsecurity collections.
Log parsing does not seem to work.
I was wondering if someone tried this already or made a custom log parser for the OPNWAF logs? I couldn't find anything here or on the web.
Title: Re: custom crowdsec parser for os-opnwaf
Post by: someone on December 25, 2025, 01:47:32 AM
I am new to WAF
Title: Re: custom crowdsec parser for os-opnwaf
Post by: Monviech (Cedrik) on December 25, 2025, 08:36:14 AM
Nobody deleted your posts, they were moved to the general section.

You did not answer anything the OP needed.

Its about the log format that crowdsec needs to consume via a collection (https://app.crowdsec.net/hub/author/crowdsecurity/collections/apache2)

The log format of the apache2 access logs need to be original and not preprocessed by syslog-ng, thats why its most likely not working for OP.

Please stop writing this mix of noise that adds nothing of value. If you want to answer a question, do it but without all the confused rambling.
Title: Re: custom crowdsec parser for os-opnwaf
Post by: someone on December 25, 2025, 06:31:02 PM

Thanks


thanks again
Title: Re: custom crowdsec parser for os-opnwaf
Post by: Patrick M. Hausen on December 25, 2025, 06:38:38 PM
You have never provided any evidency of these alleged "hacks".
Text only | Text with Images