This method lets CrowdSec send addresses to Artica PCAP, so that when CrowdSec wants to block or remove an address, the address is added to or removed from the Proxmox and/or Fortigate server and/or an IPSet on the local firewall.
Note: if you are using an Artica appliance, all of these operations are performed automatically. This procedure is only for using the Artica PCAP filter without Artica.
Follow this documentation to install the custom bouncer: https://docs.crowdsec.net/docs/bouncers/custom/
Run the command cscli bouncers add "custom-bouncer" and copy the API key shown in the output.
Edit /etc/crowdsec/bouncers/crowdsec-custom-bouncer.yaml
Set bin_path to the path where the articapsniffer binary is located, and api_key to the key generated by the cscli bouncers add command:

bin_path: /usr/local/sbin/articapsniffer
bin_args: []
feed_via_stdin: false
total_retries: 0
scenarios_containing: []
scenarios_not_containing: []
origins: []
piddir: /var/run/
update_frequency: 10s
cache_retention_duration: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
log_compression: true
log_max_size: 100
log_max_backups: 3
log_max_age: 30
api_url: http://localhost:8080/
api_key: 123456
prometheus:
  enabled: true
  listen_addr: 127.0.0.1
  listen_port: 60602

When the Artica PCAP filter is executed by the CrowdSec custom bouncer, it logs lines like the following to /var/log/crowdsec-custom-bouncer.log:
time="12-08-2023 21:30:16" level=info msg="Processing decision 202.115.73.205 Scenario crowdsecurity/ssh-bf/crowdsecurity/ssh-bf"
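
To audit which addresses were handed to the filter, the log can be parsed and each address validated. The following is an added example, not part of Artica or CrowdSec; it assumes every decision line has the same shape as the one quoted above, and all sample lines except the first are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: line 1 is the line quoted above, the rest are made up
# (documentation-range addresses, one malformed address, one unrelated message).
SAMPLE_LOG = '''\
time="12-08-2023 21:30:16" level=info msg="Processing decision 202.115.73.205 Scenario crowdsecurity/ssh-bf/crowdsecurity/ssh-bf"
time="12-08-2023 21:30:17" level=info msg="Processing decision 203.0.113.7 Scenario crowdsecurity/http-probing"
time="12-08-2023 21:30:18" level=info msg="Processing decision 2001:db8::15 Scenario crowdsecurity/ssh-bf"
time="12-08-2023 21:30:19" level=info msg="Processing decision 999.1.1.1 Scenario crowdsecurity/ssh-bf"
time="12-08-2023 21:30:20" level=info msg="some unrelated message"
'''

# key="quoted value" or key=bare pairs, as in the quoted log line.
FIELD_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
# Message shape assumed from the single line shown on this page.
DECISION_RE = re.compile(r'^Processing decision (\S+) Scenario (\S+)$')


def parse_fields(line):
    """Split one key=value log line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def summarize(text):
    """Return ({scenario: sorted CIDR strings}, [rejected address strings])."""
    by_scenario = defaultdict(set)
    rejected = []
    for line in text.splitlines():
        m = DECISION_RE.match(parse_fields(line).get("msg", ""))
        if not m:
            continue  # not a decision line
        raw, scenario = m.groups()
        try:
            # Accepts single addresses and ranges; normalised to CIDR form.
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            rejected.append(raw)  # malformed value: worth investigating
            continue
        by_scenario[scenario].add(str(net))
    return {s: sorted(a) for s, a in by_scenario.items()}, rejected


if __name__ == "__main__":
    decisions, bad = summarize(SAMPLE_LOG)
    for scenario, addrs in sorted(decisions.items()):
        print(scenario, addrs)
    print("rejected:", bad)
```

Comparing the resulting set against the local IPSet contents shows whether every decision the bouncer processed actually reached the firewall.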