Want to improve the security of your ecommerce website?

Learn how

CrowdSec

CrowdSec Blog

CrowdSec introduces a new version to simplify parsers creation and troubleshooting

We’ve released version 1.2.1 of CrowdSec

This version contains a few bug fixes, improvements for people dealing with massive databases with many agents and bouncers. But mostly, it introduces a new feature to make the creation and troubleshooting of parsers and scenarios easier  – cscli explain.

Debugging a faulty parser or creating a new scenario can be tricky when you don’t know what data ends up in which field, or which parser of a chain misbehaves.

Until now, the easiest way would be to turn the given parser(s) into debug more and run CrowdSec with the faulty log lines, which is tedious and time-consuming.

That’s what cscli explain helps to solve: it shows the user which parsers picked up the line, and if it did succeed parsing it, along with the changes it made to it.

Concretely cscli explain works like this:

cscli explain in action

Here we can see the lines being picked up by the non-syslog parser, then by the nginx parser, as well as by various enrichers (such as GeoIP), before finally landing in various scenarios: http-crawl-non_statics and http-probbing.

It has been something we meant to do for a while. And we hope the form it takes in this release will help solve the issue.

cscli explain intends to help not only troubleshoot but also create and customize parsers and scenarios. Thus, it also allows to see detailed changes of each step:

cscli explain allowing to see detailed changes of each step of parser/scenario creation

And that’s mostly it for this release. Stay tuned for more!

Feel free to contact us using our community channels (Gitter and Discourse) and share your feedback or suggestions. Read more about CrowdSec releases and features on our blog.

You may also like

am i under attack
Product Updates

Am I Under Attack: Cut Through the Noise to Detect Sophisticated and Targeted Attacks with CrowdSec’s New feature

Am I Under Attack leverages advanced AI algorithms to detect anomalies in your logs indicating more sophisticated or targeted attacks.

new and advanced ip lookup search
Product Updates

Introducing the New and Advanced IP Lookup Search

In a previous article, we introduced the CTI Report, this time, we are taking it a step further and introducing new and advanced search options for our IP lookup.  You now have access to multiple search options to accurately and effectively explore the CrowdSec CTI.   Let’s take a look. IP lookup search These new search […]

Discover CrowdSec’s Free Third-Party Blocklists
Product Updates

Discover CrowdSec’s Free Third-Party Blocklists

In case you missed it, we recently announced the new Blocklists Catalog in the CrowdSec Console. In the catalog, you can find several blocklists centralized in one place, including third-party blocklists that are free to all users.  All users on the CrowdSec Console can subscribe their Security Engines to third-party blocklists to secure their systems […]