no alerts at engine side, even id bounder drop traffic #142
Description
Hi, i've set the haproxy-spoa-bouncer on some front servers, connected to the crowdsec engine
i did only set the ban action, for all blocklists
i can see dropped requests from my bouncer's metrics
# docker compose exec crowdsec cscli metrics show bouncers
╭────────────────────────────────────────────────────────────────────────╮
│ Bouncer Metrics (haproxy-spoa-front01) since 2025-12-11 13:43:16 +0000 │
│ UTC │
├───────────────────────────────┬──────────────────┬─────────┬───────────┤
│ Origin │ active_decisions │ dropped │ processed │
│ │ IPs │ request │ request │
├───────────────────────────────┼──────────────────┼─────────┼───────────┤
│ CAPI (community blocklist) │ 33.97k │ 210 │ - │
│ cscli (manual decisions) │ 0 │ 0 │ - │
│ lists:crowdsec_botnet │ 24.13k │ 519 │ - │
│ lists:crowdsec_cve_2025_55182 │ 8.85k │ - │ - │
│ lists:crowdsec_mail │ 7.96k │ - │ - │
│ lists:crowdsec_proxy │ 15.26k │ 222 │ - │
│ lists:crowdsec_wordpress │ 21.72k │ 94 │ - │
│ lists:firehol_botscout_7d │ 1.39k │ 179 │ - │
│ lists:firehol_cybercrime │ 169 │ - │ - │
│ lists:firehol_greensnow │ 745 │ 11 │ - │
│ lists:firehol_sslproxies_7d │ 421 │ 2 │ - │
│ lists:free_proxies │ 27.70k │ 65 │ - │
├───────────────────────────────┼──────────────────┼─────────┼───────────┤
│ Total │ 142.31k │ 1.30k │ 22.57k │
╰───────────────────────────────┴──────────────────┴─────────┴───────────╯
╭────────────────────────────────────────────────────────────────────────╮
│ Bouncer Metrics (haproxy-spoa-front02) since 2025-12-11 13:43:15 +0000 │
│ UTC │
├───────────────────────────────┬──────────────────┬─────────┬───────────┤
│ Origin │ active_decisions │ dropped │ processed │
│ │ IPs │ request │ request │
├───────────────────────────────┼──────────────────┼─────────┼───────────┤
│ CAPI (community blocklist) │ 33.96k │ 240 │ - │
│ cscli (manual decisions) │ 0 │ - │ - │
│ lists:crowdsec_botnet │ 24.13k │ 461 │ - │
│ lists:crowdsec_cve_2025_55182 │ 8.85k │ - │ - │
│ lists:crowdsec_mail │ 7.96k │ - │ - │
│ lists:crowdsec_proxy │ 15.26k │ 215 │ - │
│ lists:crowdsec_wordpress │ 21.72k │ 95 │ - │
│ lists:firehol_botscout_7d │ 1.39k │ 281 │ - │
│ lists:firehol_cybercrime │ 169 │ - │ - │
│ lists:firehol_greensnow │ 745 │ - │ - │
│ lists:firehol_sslproxies_7d │ 421 │ 1 │ - │
│ lists:free_proxies │ 27.70k │ 53 │ - │
├───────────────────────────────┼──────────────────┼─────────┼───────────┤
│ Total │ 142.31k │ 1.35k │ 21.37k │
╰───────────────────────────────┴──────────────────┴─────────┴───────────╯
but i still get a msg in the crowdsec dashboard stating no alerts since 2025-12-11
i can confirm that, at crowdse engine level, it reports no alerts
# docker compose exec crowdsec cscli alert list
No active alerts
but i can confirm that blocking do work from haproxy logs. any idea why, is it expected ?