# CrowdSec acquisition configuration
# This tells CrowdSec where to find logs to analyze

filenames:
  # Traefik access logs
  - /var/log/traefik/access.log
  # Traefik application logs  
  - /var/log/traefik/traefik.log
labels:
  type: traefik

---
# System authentication logs (if available)
filenames:
  - /var/log/auth.log
labels:
  type: syslog

---
# Journald (if running on host)
journald_filter:
  - "SYSLOG_IDENTIFIER=sshd"
labels:
  type: syslog