Hi,
I installed Crowdsec on a reverse proxy, and I had requests that were detected and generated alerts that shouldn’t be.
Is it possible to know what happens between each parsers to know if these detection are justified or not.
Best regards.
Hello,
You can run cscli explain -v --file '<path_to_logfile>' --type '<log_type>'
or cscli explain -v --log '<log_line>' --type '<log_type'>
to see what happen during the parsing.
Here is the link to the documentation: cscli explain | CrowdSec
Hi @Fox can you confirm that the proposed solution works?
Hi @klausagnoletti,
Yes, thank you for this solution @alteredCoder.
I apologize for the delay.
1 Like