Proper way to setup Crowdsec with Nginx Proxy Manager?

[iaintnodev]

Hi, want to use Crowdsec with Nginx Proxy Manager and I'm wondering how to make sure everything works correctly - I installed NPM (which works fine) and then Crowsdec into the same container, after that I created account on the Crowdsec website, enrolled Security Engine in the LXC and I can see it on the Crowdsec Website.

But I'm not really sure if Crowdsec can read the NPM logs properly - using cscli metrics I don't see any logs mentioned in the output. There is some log parser on Crowdsec website (https://app.crowdsec.net/hub/author/crowdsecurity/configurations/nginx-proxy-manager-logs) but installing it doesn't seem to do anything - maybe because the Helper script is customized and not using docker unlike the official nginx proxy manager version?

I also tried to get some alerts by using incorrect login multiple times - I can see my attempts in /data/logs/proxy-host-1_access.log but no idea if it's enough to trigger Crowdsec. The only activity on the Crowdsec website I got was after testing the bouncer using cscli decisions add --ip your.ip.address --duration 5m --reason "testing".

Thanks for any tips!

[iaintnodev]

Looks like I made it work, the file /etc/crowdsec/acquis.yaml points to /usr/local/openresty/nginx/logs/ but the logs there are mostly empty, so I added /data/logs/proxy-host-*.log, changed type: nginx to type: nginx-proxy-manager and now the logs are finally parsed and I managed to get myself banned after testing with Nikto scanner.