Skip to content

Post Overflows

PostOverflows is secondary parsing phase that happens after a bucket overflowed. It behaves exactly like a Normal Parsing. However, instead of receiving event with logs, the parser receive events with alert representing the overflows.

The configuration resides in /etc/crowdsec/postoverflows/.