cscli collections install crowdsecurity/iptables

A collection for portscan detection via iptables/nftables :
-j LOG)

Example acquisition for this collection :
filenames:
  - /var/log/kern.log
labels:
  type: syslog

Debian 12 example (without rsyslog)
source: journalctl
journalctl_filter:
  - "-k"
labels:
  type: syslog

notes :