10 min read

CrowdSec Web UI: The Dashboard CrowdSec Should Have Shipped With

CrowdSec told me it was working, but I wanted to see it. Here's how I deployed CrowdSec Web UI for live alerts, geo-mapped attacks, and notifications - without giving up local control.
Screenshot showing CrowdSec WebUI Dashboard in all it's glory - Globally visualized attack data!
CrowdSec WebUI Dashboard in all it's glory - Globally visualized attack data!

When I first deployed CrowdSec, I had the same experience many self-hosters do. The logs showed some activity, the bouncer was blocking IPs! cscli metrics looked healthy. But I still found myself asking:

Is CrowdSec actually doing anything?
CrowdSec Installed but Showing No Decisions? Here’s Why That’s Normal
Installed CrowdSec but see empty logs? Don’t panic. Learn how to verify your “invisible shield,” investigate attacker logs, and whitelist your own IP.

There is a specific kind of satisfaction that comes from watching your local logs go quiet because your firewall is doing its job. But in the Scrap Lab, "quiet" can sometimes feel like "empty."

But then, I decided to flip the switch on the CAPI (Central API) feed.

Sure, I could dig through command-line output and query the Local API directly, but neither gave me a quick, visual overview of what was happening across my environment.

That's where CrowdSec Web UI comes in.

📋 TL;DR Summary: CrowdSec Web UI for Observability

Built by TheDuffman85, CrowdSec Web UI is a lightweight, self-hosted dashboard that connects directly to your CrowdSec Local API (LAPI) and turns raw security events into something you can actually understand at a literal glance.

This is part of the my Homelab Observability Series:

📡
This post is on early-access preview for paid subscribers ❤️.

It will be made public on Tues July 7th 2026!

This post is for paying subscribers only