CrowdSec has the ability to be controlled and monitored, all via the command line. Whilst there is a wide range of commands you can run and try out for yourself, here are a few to get you started that we found useful. If you can think of any more that you use regularly, just let us know, and we will add them to the list!
Something to note, these commands can either be run via the host using the docker exec crowdsec cscli [command]
, or they can be run from within the container using the docker exec -it crowdsec /bin/bash
command and then the normal cscli [command]
.
This command can actually be added to a cron job to be run regularly. This will keep the hub up to date at all times.
This command will show metrics (parsed logs, buckets (leaky bucket mechanism link here), various statistics). If you would like to run this within the container, you could run:
or if you would like to run it directly from the host, you can run:
This command will let you see which parsers and scenarios are deployed. If you would like to run this within the container, you could run:
or if you would like to run it directly from the host, you can run:
This command allows you to see which IPs are banned, very useful to check if you are suddenly getting “Forbidden” pages when accessing your server. If you would like to run this within the container, you could run:
or if you would like to run it directly from the host, you can run:
Alerts list will enable you to review and inspect CrowdSec alerts, i.e. detected attacks on your server. If you would like to run this within the container, you could run:
or if you would like to run it directly from the host, you can run:
Add an IP to the block list, you could add your IP to test if it's blocking requests. If you would like to run this within the container, you could run:
or if you would like to run it directly from the host, you can run:
Remove an IP from the block list, in some cases this will be useful to unban yourself. If you would like to run this within the container, you could run:
or if you would like to run it directly from the host, you can run:
We would recommend you check out CrowdSec's outstanding official docs for the rest of the commands and have a play yourself.