Docker guacamole/guacamole | Collection corvese/apache-guacamole | Parsing stdout does not work #1199

Open
Crash1602 opened this issue Dec 19, 2024 · 3 comments

Comments

@Crash1602

Hello everyone,

I have previously installed and operated my Guacamole installation directly on Debian. Unfortunately, despite extensive research (for me), it was not possible to generate the necessary logs for the collection to be applied.

Now I run my Guacamole installation as a Docker Compose stack. The Guacamole client delivers the necessary information for the collection in the Docker standard output, but unfortunately, the log structure differs from the normal one.

At least my test string fails:

```
cscli explain --log '07:27:04.499 [http-nio-8080-exec-1] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [98.225.139.30, 172.30.0.4] for user "test" failed.' --type apache-guacamole -v
```

Stdout Docker:

```
07:25:56.900 [http-nio-8080-exec-2] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [98.225.139.30, 172.30.0.4] for user "guacauth" failed.
07:26:04.835 [http-nio-8080-exec-10] INFO  o.a.g.r.auth.AuthenticationService - User "guacadmin" successfully authenticated from [98.225.139.30, 172.30.0.4].
07:26:20.051 [http-nio-8080-exec-1] INFO  o.a.g.r.auth.AuthenticationService - User "guacadmin" successfully authenticated from [98.225.139.30, fd30:0:0:0:0:0:0:5].
07:26:58.210 [http-nio-8080-exec-3] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [98.225.139.30, 172.30.0.4] for user "guacauth" failed.
07:27:04.499 [http-nio-8080-exec-1] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [98.225.139.30, 172.30.0.4] for user "test" failed.
```

If IPv6 entries are also needed, I will try to provide them later.

I have directly integrated the Docker container into the CrowdSec of the Docker host.

```yaml
source: docker
container_name:
  - guacamole-client-prod
labels:
  type: apache-guacamole
```

It would be great if there were a custom collection or parser for the Docker variant.

Thank you!

cscli_explain.txt

@LaurenceJJones
Contributor

LaurenceJJones commented Dec 19, 2024

Hey 👋🏻

From what I can see from the parser and the logs you have given, the only section that I would say is failing to parse is that we expect a timestamp in 8601 format, and this is just showing a time and no date.

Is there a way to control this format or should we update the parser to expect both?
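One way a parser could accept both timestamp shapes discussed here, as an added example that is not part of this thread or of the collection's own parser. The names `parse_failed_auth` and `fallback_date`, the shape of the dated line, and the reading of the first bracketed address as the client are assumptions.

```python
import ipaddress
import re
from datetime import date, datetime, time, timezone

# Optional ISO 8601 date (assumed shape of a dated line), then the time-only
# stamp from the Docker stdout in this issue, then the failed-login message.
LINE_RE = re.compile(
    r'^(?:(?P<date>\d{4}-\d{2}-\d{2})[T ])?'
    r'(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\S*\s+\[[^\]]+\]\s+WARN\s+'
    r'\S*AuthenticationService\s+-\s+Authentication attempt from '
    r'\[(?P<addrs>[^\]]+)\] for user "(?P<user>.*)" failed\.$'
)

def parse_failed_auth(line, fallback_date=None):
    """Return a dict for a failed-login line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        # Assumption: the first address is the client, the rest are proxy hops.
        chain = [str(ipaddress.ip_address(a.strip())) for a in m["addrs"].split(",")]
    except ValueError:
        return None
    # A time-only stamp carries no date, so the caller supplies one
    # (e.g. the day the line was read); default is today's UTC date.
    day = (date.fromisoformat(m["date"]) if m["date"]
           else fallback_date or datetime.now(timezone.utc).date())
    return {
        "timestamp": datetime.combine(day, time.fromisoformat(m["time"])),
        "date_from_log": m["date"] is not None,
        "source_ip": chain[0],
        "proxy_chain": chain[1:],
        "user": m["user"],
    }

DOCKER_LINE = ('07:27:04.499 [http-nio-8080-exec-1] WARN  o.a.g.r.auth.AuthenticationService'
               ' - Authentication attempt from [98.225.139.30, 172.30.0.4] for user "test" failed.')
# Constructed sample: same message with an ISO 8601 date prepended.
DATED_LINE = '2024-12-19T' + DOCKER_LINE
SUCCESS_LINE = ('07:26:20.051 [http-nio-8080-exec-1] INFO  o.a.g.r.auth.AuthenticationService'
                ' - User "guacadmin" successfully authenticated from [98.225.139.30, fd30:0:0:0:0:0:0:5].')

if __name__ == "__main__":
    for sample in (DOCKER_LINE, DATED_LINE, SUCCESS_LINE):
        print(parse_failed_auth(sample, fallback_date=date(2024, 12, 19)))
```

The `date_from_log` flag lets downstream logic tell a timestamp read from the line apart from one completed with the fallback date.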

@Crash1602
Author

Crash1602 commented Dec 19, 2024

Hey @LaurenceJJones,

thanks for your answer. I haven't found any documented option to adjust the timestamp using an environment variable. If it works and both are expected and accepted, that would certainly be a simple and great solution!

Thank you!

  1. Guacamole-Client: https://hub.docker.com/r/guacamole/guacamole
  2. Compose-Example: https://github.com/boschkundendienst/guacamole-docker-compose

@Crash1602
Author

Hey @LaurenceJJones,

I wish you a Happy New Year! Is there an update on the extended acceptance of the date format?
