Parsing of the Vaultwarden logs

Eirikr70 · September 27, 2025, 7:56am

Hello,

I have set up the Vaultwarden scenario by Dominic Wagner. I have set the logging system at the format proposed on the hub. The scenario is active and reads the logs but seems to be unable to parse them.

cscli metrics
╭─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Acquisition Metrics │
├───────────────────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────┬───────────────────┤
│ Source │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │ Lines whitelisted │
├───────────────────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┼───────────────────┤
│ docker:immich_server │ 1.14k │ - │ 1.14k │ - │ - │
│ file:/var/log/mail.log │ 109 │ 48 │ 61 │ - │ 48 │
│ file:/var/log/nginx/access.log │ 36.84k │ 36.84k │ 6 │ 1.89k │ 35.80k │
│ file:/var/log/nginx/error.log │ 1.39k │ 40 │ 1.35k │ 23 │ - │
│ file:/var/log/nginx/unauthorized.log │ 6 │ 6 │ - │ - │ 6 │
│ file:/var/log/vaultwarden/vaultwarden.log │ 121 │ - │ 121 │ - │ - │
╰───────────────────────────────────────────┴────────────┴──────────────┴────────────────┴────────────────────────┴───────────────────╯

Did I miss something or is it dedicated to parsing only “bad logs” ?

Thank you

iiAmLoz · September 28, 2025, 6:24am

Yes the parser is only looking for failed auth or failed mfa logins, general logs or valid authentications do not get parsed.

Topic		Replies	Views
Parser not working with vaultwarden crowdsec	1	214	August 31, 2024
Help: having only unparsed logs	7	5223	April 8, 2021
Logs in Dominic-Wagner/vaultwarden collection are not getting parsed	10	1295	April 4, 2024
Using Grafana Loki to parse specific Docker container logs crowdsec	10	695	January 23, 2025
Crowdsec not parsing docker log	8	498	July 2, 2025

Parsing of the Vaultwarden logs

Related topics