Limit the Number of Notifications

Hi. I am trying to understand how to limit the number of notifications that I receive from CrowdSec. I want to continue to ban IPs but I only want to receive a notification for clusters of alerts. I am looking at the group_wait and group_threshold settings but I don’t understand how they interact. Is the notification only sent when the group_threshold is exceeded within the group_wait period? For example, more than 10 alerts in 30 seconds. Or are they both independent? Can anyone give me any hints?


Cross-posted from gitter

The first met condition actually triggers the notification. For example you can set a group_wait at 30m and a group_threshold at 10, and you’ll get either a notification every 30m or a bunch of 10 notifications if that threshold is met. You can even set your group_threshold to 0 to have notifications every 30m.
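The "first met condition wins" behaviour described in the answer above, as a small Python model (an added example, not part of the original thread and not CrowdSec's own code). The function name and the alert timestamps are constructed, and the model assumes the group_wait timer starts when the first alert of a batch is queued.

```python
from datetime import timedelta

# Constructed sample: a burst of 12 alerts (one per second), then a lone
# alert much later. Times are seconds since the start of the observation.
SAMPLE_ALERTS = list(range(12)) + [4000]


def simulate_batches(alert_times, group_wait, group_threshold):
    """Return [(send_time, alert_count, reason)] for sorted alert times.

    A batch is sent when EITHER group_threshold alerts are pending OR
    group_wait has elapsed, whichever happens first. A group_threshold
    of 0 disables the count trigger, leaving only the timer.
    """
    wait = group_wait.total_seconds()
    if wait <= 0:
        raise ValueError("this model only covers group_wait > 0")
    sent, pending, deadline = [], 0, None
    for t in alert_times:
        # The timer ran out before this alert arrived: flush the old batch.
        if pending and t >= deadline:
            sent.append((deadline, pending, "group_wait"))
            pending = 0
        if pending == 0:
            # Assumption: the timer starts with the first queued alert.
            deadline = t + wait
        pending += 1
        # Count trigger: send as soon as the threshold is reached.
        if group_threshold > 0 and pending >= group_threshold:
            sent.append((t, pending, "group_threshold"))
            pending = 0
    if pending:
        # Whatever is still queued goes out when its timer expires.
        sent.append((deadline, pending, "group_wait"))
    return sent


if __name__ == "__main__":
    for threshold in (10, 0):
        print(f"group_wait=30m group_threshold={threshold}")
        batches = simulate_batches(SAMPLE_ALERTS, timedelta(minutes=30), threshold)
        for when, count, reason in batches:
            print(f"  t={when:>6.0f}s  {count:>2} alert(s)  sent by {reason}")
```

In this model the lone alert at t=4000s is still sent once its own 30m timer expires, so the two settings reduce how many notifications arrive but do not suppress isolated alerts.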


Thanks for posting here but you really don’t need to crosspost. We monitor both Discourse and Gitter :sunglasses:

Sorry. Gitter was silent for a few days so I wasn’t sure. I won’t do it again.


