Comment on Suggestions for crowdsec + caddy + docker setup
irmadlad@lemmy.world 4 days ago
On the free plan, you should be able to set up 2 remediation components, 4 blocklists, and a variety of scenarios. For the scenarios, I’d only install what you have need for.
As far as logs, I personally think something more along the lines of Grafana+Loki+Alloy for logs and metrics. You could even use something like lnav. Lnav is simple to install. It’s not a dialed out dashboard of metrics, rather it keeps things simple. After install, to access it simply type lnav and the log location you wish to view: lnav /var/log/auth.log or lnav /var/log/syslog in the cli.
I really tried with logging apps like ELK, Graylog, etc. I found them to be quite heavy for my environment. They certainly do have all the bells and whistles and pretty graphics, but again, it comes down to what your server can run comfortably. I didn’t want to eat up 2/3 of my resources just to look at logs. The Grafana+Loki+Alloy combo really sips the resources. I think for all I have Grafana monitoring, it clocks in at around 2+/- gb in used resources.
whysofurious@lemmy.dbzer0.com 3 days ago
Thanks for the thorough reply! I didn’t know about lnav, but it looks very interesting. I agree on the Grafana stack, it’s not something I really need now, and if I have to inspect single containers I can go for something like Dozzle.
About crowdsec free plan, looking at the pricing page, I see that the community plan has unlimited remediation components and 3 blocklist + unlimited scenarios, or am I looking in the wrong place? (honestly that page is pretty confusing)
irmadlad@lemmy.world 3 days ago
I’m probably telling you wrong, but I’ve only been able to do the cs-blocklist-mirror and firewall-bouncer. There are a bunch of the scenarios that are remediation components. If you look at something like cs-cloudflare-worker-bouncer, well I don’t have a use for the cs-cloudflare-worker-bouncer remediation component, so that doesn’t get installed. Same for remediation components like cs-aws-waf-bouncer. So yes, there are unlimited remediation components, just not all will fit your use case. As I understand it, you can even write your own, though I’ve not dabbled in that aspect.
If all you want to do is look at Docker logs and the occasional syslog, then I would think Dozzle to be quite capable in conjunction with something along the lines of lnav.