custom crowdsec parser for os-opnwaf

Started by gerstepe, December 16, 2025, 03:47:35 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 16, 2025, 03:47:35 PM
Hi,

i'm using the Web Application Firewall from the Business Edition (os-OPNWAF) and wanted to integrate it into CrowdSec.
I tried to configure the Apache error log in crowdsec aquisitions and added the apache2 and modsecurity collections.
Log parsing does not seem to work.
I was wondering if someone tried this already or made a custom log parser for the OPNWAF logs? I couldn't find anything here or on the web.
December 25, 2025, 01:47:32 AM #1 Last Edit: January 07, 2026, 04:21:51 AM by someone
I am new to WAF
December 25, 2025, 08:36:14 AM #2
Nobody deleted your posts, they were moved to the general section.

You did not answer anything the OP needed.

Its about the log format that crowdsec needs to consume via a collection (https://app.crowdsec.net/hub/author/crowdsecurity/collections/apache2)

The log format of the apache2 access logs need to be original and not preprocessed by syslog-ng, thats why its most likely not working for OP.

Please stop writing this mix of noise that adds nothing of value. If you want to answer a question, do it but without all the confused rambling.
Hardware:
DEC740
December 25, 2025, 06:31:02 PM #3 Last Edit: January 07, 2026, 04:21:05 AM by someone

Thanks


thanks again
December 25, 2025, 06:38:38 PM #4
You have never provided any evidency of these alleged "hacks".
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions