Hello people. I just started testing crowdsec. I installed Crowdsec 1.3.0 (no bouncer yet) and used wizard.sh -c to get everything i need (i guess?) i got the packages for e.g. apache. crowdsec is active and running. Now i used nessu for an web app scan on the servers apache. But i dont get any results in the /var/log/crowdsec.log ( following Get started with CrowdSec v1.1.x - The open-source & collaborative IPS ). Any ressources on what i might do wrong or should do?
It seems you already ask the same on gitter.
wizard.sh -c will not detect all the services, only the common ones. So depend what services do you need to monitor.
From which network the attacks are performed ? If it’s from private network, may be you are not detecting attacks because of default whitelist that is installed.
You can confirm this showing the parsers
sudo cscli parsers list