Useful Commands
CrowdSec has the ability to be controlled and monitored, all via the command line. Whilst there is a wide range of commands you can run and try out for yourself, here are a few to get you started that we found useful. If you can think of any more that you use regularly, just let us know, and we will add them to the list!
Something to note, these commands can either be run via the host using the
docker exec crowdsec cscli [command], or they can be run from within the container using the docker exec -it crowdsec /bin/bash command and then the normal cscli [command]. docker exec crowdsec cscli hub update && docker exec crowdsec cscli hub upgrade
This command can actually be added to a cron job to be run regularly. This will keep the hub up to date at all times.
This command will show metrics (parsed logs, buckets (leaky bucket mechanism link here), various statistics). If you would like to run this within the container, you could run:
docker exec -it crowdsec /bin/bash
cscli metrics
or if you would like to run it directly from the host, you can run:
docker exec crowdsec cscli metrics
This command will let you see which parsers and scenarios are deployed. If you would like to run this within the container, you could run:
docker exec -it crowdsec /bin/bash
cscli hub list
or if you would like to run it directly from the host, you can run:
docker exec crowdsec cscli hub list
This command allows you to see which IPs are banned, very useful to check if you are suddenly getting “Forbidden” pages when accessing your server. If you would like to run this within the container, you could run:
docker exec -it crowdsec /bin/bash
cscli decisions list
or if you would like to run it directly from the host, you can run:
docker exec crowdsec cscli decisions list
Alerts list will enable you to review and inspect CrowdSec alerts, i.e. detected attacks on your server. If you would like to run this within the container, you could run:
docker exec -it crowdsec /bin/bash
cscli alerts list
or if you would like to run it directly from the host, you can run:
docker exec crowdsec cscli alerts list
Add an IP to the block list, you could add your IP to test if it's blocking requests. If you would like to run this within the container, you could run:
docker exec -it crowdsec /bin/bash
cscli decisions add --ip 1.2.3.4
or if you would like to run it directly from the host, you can run:
docker exec crowdsec cscli decisions add --ip 1.2.3.4
Remove an IP from the block list, in some cases this will be useful to unban yourself. If you would like to run this within the container, you could run:
docker exec -it crowdsec /bin/bash
cscli decisions delete -i 1.2.3.4
or if you would like to run it directly from the host, you can run:
docker exec crowdsec cscli decisions delete -i 1.2.3.4
We would recommend you check out CrowdSec's outstanding official docs for the rest of the commands and have a play yourself.
Last modified 1yr ago