CS apparently not doing anything

I have about 800 domains all pointed at a vps, generating about a meg of logfiles per day and crowdsec is giving me eight alerts for ssh attacks.

Should it do more?

Installed the agent/bouncer for Rocky without any errors and I am running nginx/php8.1 all installed via aapanel which may be the problem.

From what I have seen they have butchered the standard nginx file structure.

Any suggestions?


Can you paste the output of cscli metrics please?