Fetch Crowdsec's latest version here.
tar xvzf crowdsec-release.tgz
A wizard is provided to help you deploy Crowdsec and cscli.
Using the interactive wizard¶
sudo ./wizard.sh -i
The wizard is going to guide you through the following steps :
- detect services that are present on your machine
- detect selected services logs
- suggest collections (parsers and scenarios) to deploy
- deploy & configure Crowdsec in order to watch selected logs for selected scenarios
The process should take less than a minute, please report if there are any issues.
You are then ready to take a tour of your freshly deployed Crowdsec !
you of little faith
sudo ./wizard.sh --bininstall
This will deploy a valid/empty Crowdsec configuration files and binaries. Beware, in this state, Crowdsec won't monitor/detect anything unless configured.
cscli install collection crowdsecurity/linux
Installing at least the
crowdsecurity/linux collection will provide you :
- syslog parser
- geoip enrichment
- date parsers
You will need as well to configure your acquisition file to feed Crowdsec some logs.
Go in Crowdsec folder and build the binaries :
Crowdsec bin will be located in
./cmd/crowdsec/crowdsec and cscli bin in