Post Overflows¶
PostOverflows is secondary parsing phase that happens after a bucket overflowed. It behaves exactly like a Normal Parsing. However, instead of receiving event with logs, the parser receive events with alert representing the overflows.
The configuration resides in /etc/crowdsec/postoverflows/
.