From cedd360ebd8d66b9bc7ef1ab986abc9c8ffeebc4 Mon Sep 17 00:00:00 2001
From: Jean-Kevin KPADEY <9912558+mivek@users.noreply.github.com>
Date: Sat, 25 Nov 2023 11:02:42 +0100
Subject: [PATCH] docs: add a new example explaining how to integrate crowdsec
 with (#3651)

---
 docs/content/examples/tutorials/crowdsec.md | 74 +++++++++++++++++++++
 docs/mkdocs.yml                             |  1 +
 2 files changed, 75 insertions(+)
 create mode 100644 docs/content/examples/tutorials/crowdsec.md

diff --git a/docs/content/examples/tutorials/crowdsec.md b/docs/content/examples/tutorials/crowdsec.md
new file mode 100644
index 00000000..2e8efe06
--- /dev/null
+++ b/docs/content/examples/tutorials/crowdsec.md
@@ -0,0 +1,74 @@
+---
+title: 'Tutorials | Crowdsec'
+---
+
+!!! quote "What is Crowdsec?"
+    
+    Crowdsec is an open source software that detects and blocks attackers using log analysis.
+    It has access to a global community-wide IP reputation database.
+
+    [Source](https://www.crowdsec.net)
+
+## Installation
+
+Crowdsec supports multiple [installation methods][crowdsec-installation-docs], however this page will use the docker installation.
+
+
+### Docker mailserver
+
+In your `compose.yaml` for the DMS service, add a bind mount volume for `/var/log/mail`. This is to share the DMS logs to a separate crowdsec container.
+
+!!! example 
+    ```yaml
+    services:
+      mailserver:
+          - /docker-data/dms/mail-logs/:/var/log/mail/
+    ```
+
+### Crowdsec
+
+The crowdsec container should also bind mount the same host path for the DMS logs that was added in the DMS example above.
+
+```yaml
+services:
+  image: crowdsecurity/crowdsec
+  restart: unless-stopped
+  ports:
+    - "8080:8080"
+    - "6060:6060"
+  volumes:
+    - /docker-data/dms/mail-logs/:/var/log/dms:ro
+    - ./acquis.d:/etc/crowdsec/acquis.d
+    - crowdsec-db:/var/lib/crowdsec/data/
+  environment:
+    # These collection contains parsers and scenarios for postfix and dovecot
+    COLLECTIONS: crowdsecurity/postfix crowdsecurity/dovecot
+    TZ: Europe/Paris
+volumes:
+  crowdsec-db:
+```
+
+## Configuration
+
+Configure crowdsec to read and parse DMS logs file.
+
+!!! example
+
+    Create the file `dms.yml` in `./acquis.d/`
+    
+    ```yaml
+    ---
+    source: file
+    filenames:
+      - /var/log/dms/mail.log
+    labels:
+      type: syslog
+    ```
+
+!!! warning Bouncers
+
+    Crowdsec on its own is just a detection software, the remediation is done by components called bouncers.
+    This page does not explain how to install or configure a bouncer. It can be found in [crowdsec documentation][crowdsec-bouncer-docs].
+
+[crowdsec-installation-docs]: https://doc.crowdsec.net/docs/getting_started/install_crowdsec
+[crowdsec-bouncer-docs]: https://doc.crowdsec.net/docs/bouncers/intro
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index fdc2bc59..bd41a798 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -157,6 +157,7 @@ nav:
     - 'Tutorials':
       - 'Basic Installation': examples/tutorials/basic-installation.md
       - 'Mailserver behind Proxy': examples/tutorials/mailserver-behind-proxy.md
+      - 'Crowdsec': examples/tutorials/crowdsec.md
       - 'Building your own Docker image': examples/tutorials/docker-build.md
       - 'Blog Posts': examples/tutorials/blog-posts.md
     - 'Use Cases':