The alert message from variable $alert.MachineID is “localhost”. This notification is sent from my crowdsec docker container on my Unraid server.
Just wonder why the value is “localhost”. As I install crowdsec on 3 servers, I prefer it to have the server name value so that I know the point of attack.
Or I can use another variable for messaging?
I guess this is now resolved as I answered on discord?
Replicated answer here:
If you are running via docker as the tags suggest you can provide a custom hostname via the environment variables examples
services:
crowdsec:
environment:
- CUSTOM_HOSTNAME=MyCustomHostname
ref: https://hub.docker.com/r/crowdsecurity/crowdsec
Note: once you restart the container it will add the custom hostname but there may be duplicate records depending on how to configure CrowdSec (multiserver or single instance)