From d2e6b0772a3f816a0296351dc2b5107090ea1512 Mon Sep 17 00:00:00 2001
From: Laurence
Date: Thu, 4 Sep 2025 10:26:18 +0100
Subject: [PATCH 1/2] enhance: make example clearer in whitelist

---
 .../docs/log_processor/whitelist/ip_based_whitelist.md | 4 ++--
 .../log_processor/whitelist/postoverflow_based_whitelist.md | 6 +++---
 .../log_processor/whitelist/ip_based_whitelist.md | 4 ++--
 .../log_processor/whitelist/postoverflow_based_whitelist.md | 6 +++---
 .../log_processor/whitelist/ip_based_whitelist.md | 4 ++--
 .../log_processor/whitelist/postoverflow_based_whitelist.md | 6 +++---
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/crowdsec-docs/docs/log_processor/whitelist/ip_based_whitelist.md b/crowdsec-docs/docs/log_processor/whitelist/ip_based_whitelist.md
index 2441df016..a80e6bc57 100644
--- a/crowdsec-docs/docs/log_processor/whitelist/ip_based_whitelist.md
+++ b/crowdsec-docs/docs/log_processor/whitelist/ip_based_whitelist.md
@@ -13,9 +13,9 @@ description: "Whitelist events from my ip addresses"
 whitelist:
 reason: "my ip ranges"
 ip:
- - "80.x.x.x"
+ - "192.168.1.1"
 cidr:
- - "80.x.x.x/24"
+ - "192.168.1.0/24"
 ```
 
 ```bash title="Reload CrowdSec"
diff --git a/crowdsec-docs/docs/log_processor/whitelist/postoverflow_based_whitelist.md b/crowdsec-docs/docs/log_processor/whitelist/postoverflow_based_whitelist.md
index f1ebe54cb..43f81a4ed 100644
--- a/crowdsec-docs/docs/log_processor/whitelist/postoverflow_based_whitelist.md
+++ b/crowdsec-docs/docs/log_processor/whitelist/postoverflow_based_whitelist.md
@@ -50,9 +50,9 @@ tail -f /var/log/crowdsec.log
 You should be able to see the following output:
 
 ```
-time="07-07-2020 17:11:09" level=info msg="Ban for 80.x.x.x whitelisted, reason [dont ban my ISP]" id=cold-sunset name=me/my_cool_whitelist stage=s01
-time="07-07-2020 17:11:09" level=info msg="node warning : no remediation" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=80.x.x.x
-time="07-07-2020 17:11:09" level=info msg="Processing Overflow with no decisions 80.x.x.x performed 'crowdsecurity/http-probing' (11 events over 313.983994ms) at 2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=80.x.x.x
+time="07-07-2020 17:11:09" level=info msg="Ban for 192.168.1.1 whitelisted, reason [dont ban my ISP]" id=cold-sunset name=me/my_cool_whitelist stage=s01
+time="07-07-2020 17:11:09" level=info msg="node warning : no remediation" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=192.168.1.1
+time="07-07-2020 17:11:09" level=info msg="Processing Overflow with no decisions 192.168.1.1 performed 'crowdsecurity/http-probing' (11 events over 313.983994ms) at 2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=192.168.1.1
 ```
 
 This time, we can see that logs are being produced when the event is discarded.
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/ip_based_whitelist.md b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/ip_based_whitelist.md
index 2441df016..a80e6bc57 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/ip_based_whitelist.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/ip_based_whitelist.md
@@ -13,9 +13,9 @@ description: "Whitelist events from my ip addresses"
 whitelist:
 reason: "my ip ranges"
 ip:
- - "80.x.x.x"
+ - "192.168.1.1"
 cidr:
- - "80.x.x.x/24"
+ - "192.168.1.0/24"
 ```
 
 ```bash title="Reload CrowdSec"
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/postoverflow_based_whitelist.md b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/postoverflow_based_whitelist.md
index f1ebe54cb..43f81a4ed 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/postoverflow_based_whitelist.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/postoverflow_based_whitelist.md
@@ -50,9 +50,9 @@ tail -f /var/log/crowdsec.log
 You should be able to see the following output:
 
 ```
-time="07-07-2020 17:11:09" level=info msg="Ban for 80.x.x.x whitelisted, reason [dont ban my ISP]" id=cold-sunset name=me/my_cool_whitelist stage=s01
-time="07-07-2020 17:11:09" level=info msg="node warning : no remediation" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=80.x.x.x
-time="07-07-2020 17:11:09" level=info msg="Processing Overflow with no decisions 80.x.x.x performed 'crowdsecurity/http-probing' (11 events over 313.983994ms) at 2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=80.x.x.x
+time="07-07-2020 17:11:09" level=info msg="Ban for 192.168.1.1 whitelisted, reason [dont ban my ISP]" id=cold-sunset name=me/my_cool_whitelist stage=s01
+time="07-07-2020 17:11:09" level=info msg="node warning : no remediation" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=192.168.1.1
+time="07-07-2020 17:11:09" level=info msg="Processing Overflow with no decisions 192.168.1.1 performed 'crowdsecurity/http-probing' (11 events over 313.983994ms) at 2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=192.168.1.1
 ```
 
 This time, we can see that logs are being produced when the event is discarded.
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/ip_based_whitelist.md b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/ip_based_whitelist.md
index 2441df016..a80e6bc57 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/ip_based_whitelist.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/ip_based_whitelist.md
@@ -13,9 +13,9 @@ description: "Whitelist events from my ip addresses"
 whitelist:
 reason: "my ip ranges"
 ip:
- - "80.x.x.x"
+ - "192.168.1.1"
 cidr:
- - "80.x.x.x/24"
+ - "192.168.1.0/24"
 ```
 
 ```bash title="Reload CrowdSec"
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/postoverflow_based_whitelist.md b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/postoverflow_based_whitelist.md
index f1ebe54cb..43f81a4ed 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/postoverflow_based_whitelist.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/postoverflow_based_whitelist.md
@@ -50,9 +50,9 @@ tail -f /var/log/crowdsec.log
 You should be able to see the following output:
 
 ```
-time="07-07-2020 17:11:09" level=info msg="Ban for 80.x.x.x whitelisted, reason [dont ban my ISP]" id=cold-sunset name=me/my_cool_whitelist stage=s01
-time="07-07-2020 17:11:09" level=info msg="node warning : no remediation" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=80.x.x.x
-time="07-07-2020 17:11:09" level=info msg="Processing Overflow with no decisions 80.x.x.x performed 'crowdsecurity/http-probing' (11 events over 313.983994ms) at 2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=80.x.x.x
+time="07-07-2020 17:11:09" level=info msg="Ban for 192.168.1.1 whitelisted, reason [dont ban my ISP]" id=cold-sunset name=me/my_cool_whitelist stage=s01
+time="07-07-2020 17:11:09" level=info msg="node warning : no remediation" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=192.168.1.1
+time="07-07-2020 17:11:09" level=info msg="Processing Overflow with no decisions 192.168.1.1 performed 'crowdsecurity/http-probing' (11 events over 313.983994ms) at 2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" bucket_id=blue-cloud event_time="2020-07-07 17:11:09.175068053 +0200 CEST m=+2308.040825320" scenario=crowdsecurity/http-probing source_ip=192.168.1.1
 ```
 
 This time, we can see that logs are being produced when the event is discarded.
From f3afd87583cbf586b4268e4492344790502c7652 Mon Sep 17 00:00:00 2001
From: Laurence
Date: Thu, 4 Sep 2025 10:28:58 +0100
Subject: [PATCH 2/2] enhance: add note to say replace with WAN

---
 .../docs/log_processor/whitelist/ip_based_whitelist.md | 4 ++--
 .../log_processor/whitelist/postoverflow_based_whitelist.md | 2 +-
 .../log_processor/whitelist/ip_based_whitelist.md | 4 ++--
 .../log_processor/whitelist/ip_based_whitelist.md | 4 ++--
 .../log_processor/whitelist/postoverflow_based_whitelist.md | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/crowdsec-docs/docs/log_processor/whitelist/ip_based_whitelist.md b/crowdsec-docs/docs/log_processor/whitelist/ip_based_whitelist.md
index a80e6bc57..13bc1d2f9 100644
--- a/crowdsec-docs/docs/log_processor/whitelist/ip_based_whitelist.md
+++ b/crowdsec-docs/docs/log_processor/whitelist/ip_based_whitelist.md
@@ -13,9 +13,9 @@ description: "Whitelist events from my ip addresses"
 whitelist:
 reason: "my ip ranges"
 ip:
- - "192.168.1.1"
+ - "192.168.1.1" # Replace with your WAN IP
 cidr:
- - "192.168.1.0/24"
+ - "192.168.1.0/24" # Replace with your WAN IP range
 ```
 
 ```bash title="Reload CrowdSec"
diff --git a/crowdsec-docs/docs/log_processor/whitelist/postoverflow_based_whitelist.md b/crowdsec-docs/docs/log_processor/whitelist/postoverflow_based_whitelist.md
index 43f81a4ed..f7bf311b9 100644
--- a/crowdsec-docs/docs/log_processor/whitelist/postoverflow_based_whitelist.md
+++ b/crowdsec-docs/docs/log_processor/whitelist/postoverflow_based_whitelist.md
@@ -47,7 +47,7 @@ Tail the crowdsec log
 tail -f /var/log/crowdsec.log
 ```
 
-You should be able to see the following output:
+You should be able to see the following output (note: the IP shown will be your actual WAN IP, not the example):
 
 ```
 time="07-07-2020 17:11:09" level=info msg="Ban for 192.168.1.1 whitelisted, reason [dont ban my ISP]" id=cold-sunset name=me/my_cool_whitelist stage=s01
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/ip_based_whitelist.md b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/ip_based_whitelist.md
index a80e6bc57..13bc1d2f9 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/ip_based_whitelist.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/whitelist/ip_based_whitelist.md
@@ -13,9 +13,9 @@ description: "Whitelist events from my ip addresses"
 whitelist:
 reason: "my ip ranges"
 ip:
- - "192.168.1.1"
+ - "192.168.1.1" # Replace with your WAN IP
 cidr:
- - "192.168.1.0/24"
+ - "192.168.1.0/24" # Replace with your WAN IP range
 ```
 
 ```bash title="Reload CrowdSec"
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/ip_based_whitelist.md b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/ip_based_whitelist.md
index a80e6bc57..13bc1d2f9 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/ip_based_whitelist.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/ip_based_whitelist.md
@@ -13,9 +13,9 @@ description: "Whitelist events from my ip addresses"
 whitelist:
 reason: "my ip ranges"
 ip:
- - "192.168.1.1"
+ - "192.168.1.1" # Replace with your WAN IP
 cidr:
- - "192.168.1.0/24"
+ - "192.168.1.0/24" # Replace with your WAN IP range
 ```
 
 ```bash title="Reload CrowdSec"
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/postoverflow_based_whitelist.md b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/postoverflow_based_whitelist.md
index 43f81a4ed..f7bf311b9 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/postoverflow_based_whitelist.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/whitelist/postoverflow_based_whitelist.md
@@ -47,7 +47,7 @@ Tail the crowdsec log
 tail -f /var/log/crowdsec.log
 ```
 
-You should be able to see the following output:
+You should be able to see the following output (note: the IP shown will be your actual WAN IP, not the example):
 
 ```
 time="07-07-2020 17:11:09" level=info msg="Ban for 192.168.1.1 whitelisted, reason [dont ban my ISP]" id=cold-sunset name=me/my_cool_whitelist stage=s01