Alerts persistence?

Hello there,

I tried to look in the documentation and the thread, but couldn’t find an answer for the following questions.

Is there a specific time period for how long an alert can be persistent, and is there a mechanism that actually cleans up alerts that are old (expired alerts)? Or will it stay until the alert is deleted via the cscli alerts delete command, and would that remove the entry from Postgres?

Also, I would like to know: is there a possibility to import alerts/decisions from a db, in a scenario where the db was down and we had to recover it from the backup?

Thank you.

Alerts are held in accordance with the flush settings (see CrowdSec Configuration | CrowdSec).

cscli alerts delete will only soft delete the alert, and then when the flush timer hits, it will eject it from the database.

Also, I would like to know: is there a possibility to import alerts/decisions from a db, in a scenario where the db was down and we had to recover it from the backup?

Not directly, but you can look at the cscli decisions import command (cscli decisions import | CrowdSec), but it will treat them as new decisions.
