# TODO: windows, use_time_machine, event support (see https://hub.crowdsec.net/author/crowdsecurity/collections/iis)

---
# Service-detection rules used as a fixture under test/bats/testdata/07_setup.
# Each entry under `detect` names a service and gives:
#   when       - expressions evaluated against the host (process, systemd unit, OS facts)
#   install    - hub items recommended when the rule matches
#   datasource - acquisition settings (log source, labels) recommended with them
# NOTE(review): several values below (mock unit name, collection chosen for ssh)
# look deliberately artificial for the tests; do not copy them into a production
# detect.yaml without checking each one.
version: 1.0

detect:
  # Process-based rule: applies when ProcessRunning("apache2") holds.
  apache2:
    when:
      - ProcessRunning("apache2")
    install:
      collections:
        - crowdsecurity/apache2
    datasource:
      source: file
      labels:
        type: apache2
      filenames:
        - /var/log/apache2/*.log
        # Broad glob: matches every directory under /var/log whose name contains
        # "http", so any *.log file there is acquired and labelled type apache2.
        - /var/log/*http*/*.log
        - /var/log/httpd/*.log

  # Systemd-based rule for non-CentOS hosts. This rule and apache2-systemd-centos
  # test OS.ID in opposite directions, so the `when` entries are presumably
  # ANDed - confirm against the evaluator.
  apache2-systemd:
    when:
      - UnitFound("apache2.service")
      - OS.ID != "centos"
    install:
      collections:
        - crowdsecurity/apache2
    datasource:
      source: journalctl
      journalctl_filter:
        # _SYSTEMD_UNIT is a journald trusted field (leading underscore): it is
        # set by the journal, not by the process that logs.
        # NOTE(review): the filter names mock-apache2.service while `when` checks
        # apache2.service; as written, entries from the real unit are not matched.
        # Looks intentional for the tests - confirm.
        - "_SYSTEMD_UNIT=mock-apache2.service"
      labels:
        type: apache2

  # CentOS variant: the unit is httpd.service there.
  # NOTE(review): unlike apache2-systemd, this datasource has no `labels` block,
  # so no `type` is attached to the acquired lines - confirm that the tests rely
  # on the omission.
  apache2-systemd-centos:
    when:
      - UnitFound("httpd.service")
      - OS.ID == "centos"
    install:
      collections:
        - crowdsecurity/apache2
    datasource:
      source: journalctl
      journalctl_filter:
        - "_SYSTEMD_UNIT=httpd.service"

  # Matches when either the ssh service unit or its socket unit is found.
  ssh-systemd:
    when:
      - UnitFound("ssh.service") or UnitFound("ssh.socket")
    install:
      collections:
        # NOTE(review): an SSH rule recommending the apache2 collection looks
        # like a copy-paste or a test-only value; with it, no SSH scenarios
        # would be installed - confirm before reuse.
        - crowdsecurity/apache2
    datasource:
      source: journalctl
      journalctl_filter:
        # Only ssh.service is filtered, although `when` also accepts ssh.socket.
        - "_SYSTEMD_UNIT=ssh.service"
      labels:
        type: syslog

  # Generic Linux rule: base collection plus the usual syslog-format files.
  linux:
    when:
      - OS.Family == "linux"
    install:
      collections:
        - crowdsecurity/linux
    datasource:
      source: file
      labels:
        type: syslog
      filenames:
        - /var/log/syslog
        - /var/log/kern.log
        - /var/log/messages

  # FreeBSD: collection only, no datasource is recommended by this rule.
  freebsd:
    when:
      - OS.Family == "freebsd"
    install:
      collections:
        - crowdsecurity/freebsd

  # Windows: collection only, no datasource (see the TODO at the top of the file).
  windows:
    when:
      - OS.Family == "windows"
    install:
      collections:
        - crowdsecurity/windows