Installation¶
Fetch Crowdsec's latest version here.
tar xvzf crowdsec-release.tgz
cd crowdsec-v0.X.X
A wizard is provided to help you deploy Crowdsec and cscli.
Using the interactive wizard¶
sudo ./wizard.sh -i
The wizard is going to guide you through the following steps :
- detect services that are present on your machine
- detect selected services logs
- suggest collections (parsers and scenarios) to deploy
- deploy & configure Crowdsec in order to watch selected logs for selected scenarios
The process should take less than a minute, please report if there are any issues.
You are then ready to take a tour of your freshly deployed Crowdsec !
Binary installation¶
you of little faith
sudo ./wizard.sh --bininstall
This will deploy a valid/empty Crowdsec configuration files and binaries. Beware, in this state, Crowdsec won't monitor/detect anything unless configured.
cscli install collection crowdsecurity/linux
Installing at least the crowdsecurity/linux
collection will provide you :
- syslog parser
- geoip enrichment
- date parsers
You will need as well to configure your acquisition file to feed Crowdsec some logs.
From source¶
Go in Crowdsec folder and build the binaries :
cd crowdsec
make build
Crowdsec bin will be located in ./cmd/crowdsec/crowdsec
and cscli bin in cmd/crowdsec-cli/
Now, you can install either with interactive wizard or the unattended mode.