Hello
I installed the collection for ProFTP and i also reloaded the service.
As usual i expected tons of alerts as i experienced with Fail2Ban. But nothing happens.
I checked as good as possible the actual installation:
A “cscli collections list” shows the right collection “proftpd”
A “cscli scenarios list” shows me two scenarios: “proftpd-bf” and “proftpd-bf_user-enum”
A “cscli bouncers list” shows the “FirewallBouncer-1641465332”
This doens’t look really bad, i guess.
As a beginner with CrowdSec i’m not familiary how the log file “crowdsec-firewall-bouncer.log” should look after a few hours of working time. I can see a lot ot “decisions added” and “decisions deleted” entries.
What can i do for a more analysis?
Thanks