cscli alerts list | grep community | 1733 | crowdsec/community-blocklist | update : +4714/-0 IPs | | | ban:4714 | 2022-01-27 09:27:54 +0100 | | 1729 | crowdsec/community-blocklist | update : +4681/-0 IPs | | | ban:29 | 2022-01-27 07:27:54 +0100 | | 1724 | crowdsec/community-blocklist | update : +4641/-0 IPs | | | ban:14 | 2022-01-27 05:27:54 +0100 |
wizard.sh -c will not detect all the services, only the common ones. So depend what services do you need to monitor.
From which network the attacks are performed ? If it's from private network, may be you are not detecting attacks because of default whitelist that is installed.
You can confirm this showing the parsers
sudo cscli parsers list
- name: check if Crowdsec CLI cscli exist stat: path: /usr/bin/cscli register: stat_result - name: Update Crowdsec hub command: "cscli hub update" when: stat_result.stat.exists - name: Upgrade Crowdsec hub command: "cscli hub upgrade" when: stat_result.stat.exists
become_flags: '-i'makes sudo load http_proxy env var on remote host (http_proxy var are set in /etc/profile on remote)