Useful Commands

CrowdSec can be controlled and monitored entirely from the command line. Whilst there is a wide range of commands you can run and try out for yourself, here are a few that we found useful to get you started. If you can think of any more that you use regularly, just let us know, and we will add them to the list!

Note that these commands can be run either from the host, using docker exec crowdsec cscli [command], or from within the container, by first running docker exec -it crowdsec /bin/bash and then the normal cscli [command].

Update & Upgrade the CrowdSec Hub

docker exec crowdsec cscli hub update && docker exec crowdsec cscli hub upgrade

This command can actually be added to a cron job to be run regularly. This will keep the hub up to date at all times.
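
A cron-safe form of the one-liner above, as an added example that is not part of the original page or of CrowdSec's own tooling. It checks that the container is running, skips the upgrade if the update fails, and returns a distinct exit code for each failure; the script name, log path, schedule and CROWDSEC_CONTAINER variable are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper around "cscli hub update" + "cscli hub upgrade".
# Assumes the container is named "crowdsec", as in the commands on this page.
CONTAINER="${CROWDSEC_CONTAINER:-crowdsec}"   # hypothetical override variable

log() { printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*"; }

# Returns 0 only if the container exists and is running.
container_running() {
    [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER" 2>/dev/null)" = "true" ]
}

# Returns: 0 = updated and upgraded, 2 = container not running,
#          3 = hub update failed, 4 = hub upgrade failed.
hub_refresh() {
    if ! container_running; then
        log "container $CONTAINER is not running, skipping"
        return 2
    fi
    # No -t here: cron provides no TTY, so -t would make docker exec fail.
    if ! docker exec "$CONTAINER" cscli hub update; then
        log "hub update failed, not upgrading against a stale index"
        return 3
    fi
    if ! docker exec "$CONTAINER" cscli hub upgrade; then
        log "hub upgrade failed"
        return 4
    fi
    log "hub updated and upgraded"
    return 0
}

# Runs only when invoked as: crowdsec-hub-refresh.sh run
# Example crontab entry (path, schedule and log file are hypothetical):
#   17 3 * * * /usr/local/bin/crowdsec-hub-refresh.sh run >>/var/log/crowdsec-hub-refresh.log 2>&1
if [ "${1:-}" = "run" ]; then
    hub_refresh
    exit $?
fi
```

A non-zero exit code in the log tells you which step failed, so a stale hub does not go unnoticed.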

Metrics

This command will show metrics (parsed logs, buckets, various statistics). If you would like to run this within the container, you could run:

docker exec -it crowdsec /bin/bash
cscli metrics

or if you would like to run it directly from the host, you can run:

docker exec crowdsec cscli metrics

Hub List

This command will let you see which parsers and scenarios are deployed. If you would like to run this within the container, you could run:

docker exec -it crowdsec /bin/bash
cscli hub list

or if you would like to run it directly from the host, you can run:

docker exec crowdsec cscli hub list

Decision List

This command allows you to see which IPs are banned, which is very useful to check if you are suddenly getting “Forbidden” pages when accessing your server. If you would like to run this within the container, you could run:

docker exec -it crowdsec /bin/bash
cscli decisions list

or if you would like to run it directly from the host, you can run:

docker exec crowdsec cscli decisions list

Alerts List

Alerts list will enable you to review and inspect CrowdSec alerts, i.e. detected attacks on your server. If you would like to run this within the container, you could run:

docker exec -it crowdsec /bin/bash
cscli alerts list

or if you would like to run it directly from the host, you can run:

docker exec crowdsec cscli alerts list

Block IP

Add an IP to the block list. You could add your own IP to test whether it's blocking requests. If you would like to run this within the container, you could run:

docker exec -it crowdsec /bin/bash
cscli decisions add --ip 1.2.3.4

or if you would like to run it directly from the host, you can run:

docker exec crowdsec cscli decisions add --ip 1.2.3.4

Allow IP

Remove an IP from the block list. In some cases this will be useful to unban yourself. If you would like to run this within the container, you could run:

docker exec -it crowdsec /bin/bash
cscli decisions delete -i 1.2.3.4

or if you would like to run it directly from the host, you can run:

docker exec crowdsec cscli decisions delete -i 1.2.3.4

The Official cscli Documentation

We would recommend you check out CrowdSec's outstanding official docs for the rest of the commands and have a play yourself.
