Skip to content

Installation

Fetch Crowdsec's latest version here.

tar xvzf crowdsec-release.tgz

cd crowdsec-v0.X.X

A wizard is provided to help you deploy Crowdsec and cscli.

Using the interactive wizard

sudo ./wizard.sh -i

crowdsec

The wizard is going to guide you through the following steps :

  • detect services that are present on your machine
  • detect selected services logs
  • suggest collections (parsers and scenarios) to deploy
  • deploy & configure Crowdsec in order to watch selected logs for selected scenarios

The process should take less than a minute, please report if there are any issues.

You are then ready to take a tour of your freshly deployed Crowdsec !

Binary installation

you of little faith

sudo ./wizard.sh --bininstall

This will deploy a valid/empty Crowdsec configuration files and binaries. Beware, in this state, Crowdsec won't monitor/detect anything unless configured.

cscli install collection crowdsecurity/linux

Installing at least the crowdsecurity/linux collection will provide you :

  • syslog parser
  • geoip enrichment
  • date parsers

You will need as well to configure your acquisition file to feed Crowdsec some logs.

From source

Requirements

  • Go v1.13+
  • git clone https://github.com/crowdsecurity/crowdsec
  • jq

Go in Crowdsec folder and build the binaries :

cd crowdsec

make build

Crowdsec bin will be located in ./cmd/crowdsec/crowdsec and cscli bin in cmd/crowdsec-cli/

Now, you can install either with interactive wizard or the unattended mode.