Blocked DDoS Metrics

Thanks to CrowdSec, we were able to block an apparent DDoS against a school district’s sites. After reviewing logs, etc I was wondering if there’s a way with CrowdSec or another way to see how much traffic has been blocked. With the WAF we use, we can see all blocked traffic, but with CrowdSec firewalling the traffic, we don’t have a good metric of its impact.

1 Like

Only way I see is to have your bouncer verbose about blocked traffic (deny-log here).
Then render the logs, using something like Iptables Montoring Dashboard dashboard for Grafana | Grafana Labs.