Bastion exposes CrowdSec metrics as a structured JSON snapshot consumed by the Plesk dashboard. The source is always cscli metrics -o json, transformed for compactness.
What the dashboard surfaces
| Widget | Source | Refresh |
|---|---|---|
| AppSec block-rate | appsec-engine.{processed,blocked} | 60 s |
| Bouncers status | cscli bouncers list | 60 s |
| Top scenarios firing | aggregated from cscli alerts list | 60 s |
| Parser throughput | parsers.* events/min | 60 s |
| LAPI health | cscli lapi status | 30 s |
| Decisions live | cscli decisions list -o json | on demand |
The MetricsService inside the extension caches results for 60 s, cscli metrics itself is cheap, but cache avoids hammering the engine on dashboard refresh.
Read metrics from the CLI
The extension ships two helper scripts (metrics-snapshot.sh and decisions-summary.sh) under its sbin/ directory. Their exact location is printed in the extension’s About panel and shown to active subscribers in the customer portal. Both wrap standard CrowdSec output:
# Raw CrowdSec output (vendor commands, work everywhere)
sudo cscli metrics -o json | jq '.appsec-engine'
sudo cscli bouncers list -o jsonThe dashboard payload includes computed fields: AppSec block_rate (% blocked/processed), top-3 scenarios, total parsers/scenarios/bouncers/whitelists.
Decision aggregations
decisions-summary.sh returns at-a-glance counts grouped by scenario, country, and ASN. The script lives in the extension’s sbin/ directory and is exposed in the panel UI.
Health checks for external monitoring
A dedicated panel health endpoint is on the roadmap. Today, external monitors can poll the standard CrowdSec API health endpoint or watch the bouncer last-pull timestamp via cscli bouncers list.
Logs to scrape
- CrowdSec engine logs, parsers, scenarios.
- CrowdSec API logs, LAPI traffic.
- Bastion upgrade hook logs, APT upgrade hook outcomes.
Standard syslog rotation rules apply; configure your retention policy as you do for other system services.