Logs don’t appear to be parsing correctly

[blassley]

Initiating failed logins via radarr, sonarr, etc don't trigger a ban. Now using my Authentik-bf works but login failures via the arr login page never triggers a ban. I feel as if this is due to NPMplus on making an error log and only an access log? I enabled logrotate?

[Zoey2936]

sorry, but this has nothing todo with npmplus, if you want help setting up parses for other logs please ask there

[Zoey2936]

also your crowdsec misses the ZoeyVid/npmplus collection

[blassley]

also your crowdsec misses the ZoeyVid/npmplus collection

It's there. But it's tainted and idk why

[Zoey2936]

does crowdsec have access to the docker socket?

[blassley]

does crowdsec have access to the docker socket?

Yes Loz over on crowdsec helped me I had too remove the old:

filenames:
  - /var/log/nginx/*.log
#this is not a syslog log, indicate which kind of logs it is
labels:
  type: nginx-proxy-manager
---

From the acquis.yaml now I can see the npmplus logs being parsed. You may want to add this step to the readme when migrating unless I missed it :)

[Zoey2936]

Can you open a PR maybe?