
Do we need a separate crowdsec agent running? #40


Open
apxcarter opened this issue Feb 28, 2024 · 6 comments

@apxcarter

apxcarter commented Feb 28, 2024

I'm new to crowdsec, but my understanding is that I need an agent running on the same machine/vm/container to consume logs and send alerts to the LAPI.

Does this also handle that for Caddy logs or is it just the bouncer? Do we need Caddy's logs set to a certain mode or anything?

@hslatman
Owner

hslatman commented Feb 28, 2024

Hey @apxcarter,

This is just the Caddy bouncer, currently. I started looking at integrating the new App Sec component here, but I haven't had much time to think it all through, so that's not there yet.

You're right that you'll need the CrowdSec Agent running somewhere too; it's not launched as part of this Caddy bouncer, or something like that. It shouldn't be required to run it on the same machine as Caddy, as long as the logs can be read by the Agent. You could send the logs to the Agent using the syslog format, for example, although that probably requires some more configuration and testing to get right. Running it locally, or at least close (e.g. in a Docker container in the same network, potentially with a shared volume for the logs), is probably the easiest way to get started testing. There are some official docs for that part on the hub: https://app.crowdsec.net/hub/author/crowdsecurity/configurations/caddy-logs.

It's still on my list to improve usage examples, including how to configure logs, but I need to find some time 😅
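
A sketch of the "Docker container in the same network with a shared volume" layout described in the comment above, added here as an illustration; it is not from the thread or from the project's own examples. The Caddy image name, file paths and volume names are assumptions. The block holds two files, separated by `---`.

```yaml
# docker-compose.yml (constructed example)
services:
  caddy:
    # Placeholder image: any Caddy build that includes the CrowdSec bouncer module.
    image: example/caddy-with-crowdsec-bouncer:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy-logs:/var/log/caddy          # Caddy writes its access logs here
    # Caddy does not write access logs unless asked to. Each site block in the
    # Caddyfile needs something like:
    #   log {
    #       output file /var/log/caddy/access.log
    #   }
    # The bouncer itself only talks to the LAPI (here http://crowdsec:8080)
    # with a key created via `cscli bouncers add <name>`; it reads no logs.

  crowdsec:
    image: crowdsecurity/crowdsec:latest
    environment:
      COLLECTIONS: "crowdsecurity/caddy"   # parser and scenarios for Caddy logs
    volumes:
      - caddy-logs:/var/log/caddy:ro       # the Agent only needs read access
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - crowdsec-data:/var/lib/crowdsec/data

volumes:
  caddy-logs:
  crowdsec-data:
---
# acquis.yaml: tells the Agent which files to tail and how to label them
filenames:
  - /var/log/caddy/*.log
labels:
  type: caddy                              # routes lines to the Caddy log parser
```

Once traffic is flowing, `cscli metrics` inside the crowdsec container shows whether lines from the Caddy log file are being read and parsed.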

@Simbiat

Simbiat commented Jul 8, 2024

Don't know if it will be of much use, but my project https://github.com/Simbiat/simbiat.ru has docker-compose.yml, env.example and config folder with what is required to set up FrankenPHP, CrowdSec and MariaDB. Not a tutorial, yes, but should be mostly straightforward.

@modem-man-gmx

> Don't know if it will be of much use, but my project https://github.com/Simbiat/simbiat.ru has docker-compose.yml, env.example and config folder ...

After reading your statement, I was very interested in reading your project. But your README.md is very, very short. Not really attractive this time. Perhaps later.
Friendship,
M.

@Simbiat

Simbiat commented Jan 22, 2025

@modem-man-gmx do you really need a readme for the code of a website that can be viewed live 😅

@modem-man-gmx

> @modem-man-gmx do you really need a readme for the code of a website that can be viewed live 😅

Yes, of course! You are surely able to read your own code and see the ideas behind. I'm able to read my own code and remember the ideas behind, but why should it work crosswise? ;-)

I have been out of the web server business since inline PHP scripts started replacing static Perl-generated sites. So aside from some old (and dangerous) knowledge, I am a beginner with modern security concepts and the whole ecosystem around them. My expert knowledge is far away from modern web servers, PHP and so on. The last time I worked with web servers, I wrote my own implementation in C99 on a µC. I guess even Apache was not well known at that time.

Nowadays I have to face the fact that I have been working for decades with other technologies and need to learn and understand Caddy and CrowdSec (or the like) quickly now. That's why I am lingering around and asking questions.

@Simbiat

Simbiat commented Jan 23, 2025

@modem-man-gmx A readme will not help you read the code, though. You will still need to open the PHP files there and read them. And I do leave comments in my code, as well as comments in my configs, where deemed necessary (that's why I use JSON5 for Caddy config). But anyway, this is beyond the scope of this issue. If you have questions about how I do things, you can use any of my contacts on my website or just create an issue in the repo; I'll try to explain things.
