CrowdSec is a proud participant in the Microsoft Copilot for Security Partner Private Preview
Read more
Product news

CrowdSec introduces a new version to simplify parsers creation and troubleshooting

CrowdSec introduced release of new version 1.2.1 to simplify creation and troubleshooting of parsers and scenarios.

We've released version 1.2.1 of CrowdSec

This version contains a few bug fixes, improvements for people dealing with massive databases with many agents and bouncers. But mostly, it introduces a new feature to make the creation and troubleshooting of parsers and scenarios easier  - cscli explain.

Debugging a faulty parser or creating a new scenario can be tricky when you don’t know what data ends up in which field, or which parser of a chain misbehaves.

Until now, the easiest way would be to turn the given parser(s) into debug more and run CrowdSec with the faulty log lines, which is tedious and time-consuming.

That’s what cscli explain helps to solve: it shows the user which parsers picked up the line, and if it did succeed parsing it, along with the changes it made to it.

Concretely cscli explain works like this:

cscli explain in action

Here we can see the lines being picked up by the non-syslog parser, then by the nginx parser, as well as by various enrichers (such as GeoIP), before finally landing in various scenarios: http-crawl-non_statics and http-probbing.

It has been something we meant to do for a while. And we hope the form it takes in this release will help solve the issue.

cscli explain intends to help not only troubleshoot but also create and customize parsers and scenarios. Thus, it also allows to see detailed changes of each step:

cscli explain allowing to see detailed changes of each step of parser/scenario creation

And that’s mostly it for this release. Stay tuned for more!

Feel free to contact us using our community channels (Gitter and Discourse) and share your feedback or suggestions. Read more about CrowdSec releases and features on our blog.

No items found.