I installed CrowdSec on a reverse proxy, and I had requests that were detected and generated alerts that shouldn’t have been.
Is it possible to know what happens between each parser, to know whether these detections are justified or not?
You can run
cscli explain -v --file '<path_to_logfile>' --type '<log_type>' or
cscli explain -v --log '<log_line>' --type '<log_type>' to see what happens during the parsing.
Here is the link to the documentation: cscli explain | CrowdSec
Hi @Fox, can you confirm that the proposed solution works?