[unixhero]

Hi

The main issue is that on my hosts where fail2ban are running, I see week on week activity and banned hosts.

When I look into cscli decisions or cscli metrics, it gives me the indication that nothing is happening which I don't believe is true. Maybe it is doing the work it promises, but I can't easily see it.

This could be a false negative, and that there genuinely is less malicious connection attempts. The busy fail2ban are bastion hosts on AWS, while the others are hosted on DigitalOcean. For me as a user though, I wish there was a way to see historically blocked hosts. The last time I looked half a year ago, this was not available in CrowdSec.

[klausagnoletti]

Hey and thanks for your reply. This is done easily in the cscli with the 'decisions' command: https://doc.crowdsec.net/docs/next/cscli/cscli_decisions. 'sudo cscli decisions list' lists all local decisions as you request :-). If you want to look into a decision, 'explain' is your friend: https://doc.crowdsec.net/docs/next/cscli/cscli_explain or simply look in /var/log/crowdsec.log (on Linux). I hope this answers your question. If not, you're welcome to ask again or join our Discord at https://discord.gg/crowdsec (which is by far the best way to get help fast).