Hi, I noticed that Authelia brute-force alerts don't display the targeted username in the CrowdSec Console or in cscli alerts inspect context.
The built-in brute-force context file (bf_base.yaml) reads evt.Meta.target_user, but the authelia-logs parser only sets evt.Meta.user. Other brute-force parsers like sshd-logs already set target_user, so this seems like an oversight.
I'm not deeply familiar with CrowdSec internals, but adding the following to the root statics section of authelia-logs.yaml fixed it for me without any errors:
statics:
- meta: target_user
expression: evt.Parsed.userAfter this change, the target_user field correctly appears in alert context both in the CLI and on the Console.
Hi, I noticed that Authelia brute-force alerts don't display the targeted username in the CrowdSec Console or in cscli alerts inspect context.
The built-in brute-force context file (bf_base.yaml) reads evt.Meta.target_user, but the authelia-logs parser only sets evt.Meta.user. Other brute-force parsers like sshd-logs already set target_user, so this seems like an oversight.
I'm not deeply familiar with CrowdSec internals, but adding the following to the root statics section of authelia-logs.yaml fixed it for me without any errors:
After this change, the target_user field correctly appears in alert context both in the CLI and on the Console.