cscli collections install Dominic-Wagner/vaultwardenA collection to defend Vaultwarden instance against common attacks :
Example acquisition for this collection :
If using LOG_FILE environment variable:
1---2filenames:3 - /var/log/vaultwarden.log4labels:5 type: Vaultwarden
If running via systemd:
1---2source: journalctl3journalctl_filter:4 - "SYSLOG_IDENTIFER=Vaultwarden"5labels:6 type: Vaultwarden
In the default configuration of vaultwarden logs, the timestamp uses system local time. This means that detection may not work as expected as CrowdSec uses UTC time. To fix this, you can configure vaultwarden to log the offset from UTC time. To do this, head over to Vaultwarden Admin Panel -> Advanced Settings -> Log timestamp format and change format to %Y-%m-%d %H:%M:%S.%3f%z.