I have about 800 domains all pointed at a vps, generating about a meg of logfiles per day and crowdsec is giving me eight alerts for ssh attacks.
Should it do more?
Installed the agent/bouncer for Rocky without any errors and I am running nginx/php8.1 all installed via aapanel which may be the problem.
From what I have seen they have butchered the standard nginx file structure.
Any suggestions?