diff --git a/secrets.nix b/secrets.nix
index fd66a09..4fcf4be 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -3,6 +3,7 @@ let
 users = [tbarnouin];
 grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
+ redis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAbU7uRlNmFIazfJVnibUnwq5OvtV8wb3PYFFYJfZc4 root@redis";
 onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAEHTFFQoi8PtzkdTEeA5lGELFS01J51GLLjrnySJM7R root@onlyoffice";
 postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql";
 forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo";
@@ -36,4 +37,6 @@ in {
 "secrets/cs-lapi-key.age".publicKeys = users ++ systems;
 "secrets/jellyfin-lapi-key.age".publicKeys = [tbarnouin jellyfin];
+
+ "secrets/redis-lapi-key.age".publicKeys = [tbarnouin redis];
 }
diff --git a/secrets/redis-lapi-key.age b/secrets/redis-lapi-key.age
new file mode 100644
index 0000000..5f64942
--- /dev/null
+++ b/secrets/redis-lapi-key.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA0cTRx
+eU1JYXUrMWNrZEprU3JVeVpaeXBBQy9yV1N1TTBSL1M5cUF0MFNFCmVvb09oTlZJ
+V1Z6MXZrbDNkNHlGMnBRNzlDSjl5RjZGbFJ3MGoxUC9oSG8KLT4gc3NoLWVkMjU1
+MTkgd25FVXB3IEVUUVMycHFpRXJCalRmRXMvMVdWc3E3WWViNWNmSUMrRURzU3ds
+V2dPajgKSGdNKzBaektIUVI3azBvMS9JKzVualdMSnRXSU1hWFphT3JZRCtrN3hh
+VQotPiBULGYtZ3JlYXNlICxkQi0iIGZJMEA3PWBrICkKNFQvcVZkdk5POHVhbWta
+Y0JJZk16dTdvb2dUR2kxY1l1NlM3dVRzRlk2dzJGT01pWFpUTkR6djgyNEpTZVp6
+WAowOWIxQ2M0NGl3cXljblJObDdwNkU2WUtxeWxKcWFtdHcrTE5jUFA0Zm1MNVhz
+dkRYU3NNK0ZrQmRBCi0tLSAzQXBESGl2eTh3MTNoK0l2T2JtVGhHVXNhaTJvWURB
+RXUyaDlSa2hIRlFzCgPQYsOV9N597izBEFraiwGqiRt7A/Mcoq6puAEfBKlAw+Wh
+4btrDkHPIGek/2q3mg2rUKGbsmeF4AUOijxPzOExbAM7I5rsl9cxq94BcsjKl6Go
+3O1Ep2S/WfGP/TFlLSeFzcpTJmv72MWGyFcoWKWq/mlWzG+vzg8l/hasOO5uPcqt
+vs8ZPiMXaojmGglmdgZUNsoqmg==
+-----END AGE ENCRYPTED FILE-----
diff --git a/services/redis/default.nix b/services/redis/default.nix
index db56381..aa3e705 100644
--- a/services/redis/default.nix
+++ b/services/redis/default.nix
@@ -10,14 +10,34 @@ in {
 enable = lib.mkEnableOption "Enable minimal config";
 };
 config = lib.mkIf cfg.enable {
- services.redis = {
- vmOverCommit = true;
- servers.redis = {
- enable = true;
- port = 6379;
- bind = "0.0.0.0";
- settings = {
- protected-mode = "no";
+ age.secrets.redis-lapi-key = {
+ file = ../../secrets/redis-lapi-key.age;
+ owner = "crowdsec";
+ };
+ services = {
+ crowdsec = {
+ settings.lapi.credentialsFile = "${config.age.secrets.redis-lapi-key.path}";
+ localConfig = {
+ acquisitions = [
+ {
+ source = "journalctl";
+ journalctl_filter = [ "_SYSTEMD_UNIT=redis.service" ];
+ labels = {
+ type = "syslog";
+ };
+ }
+ ];
+ };
+ };
+ redis = {
+ vmOverCommit = true;
+ servers.redis = {
+ enable = true;
+ port = 6379;
+ bind = "0.0.0.0";
+ settings = {
+ protected-mode = "no";
+ };
 };
 };
 };
diff --git a/systems/minimalLXCConfig.nix b/systems/minimalLXCConfig.nix
index 2834477..f7a409b 100644
--- a/systems/minimalLXCConfig.nix
+++ b/systems/minimalLXCConfig.nix
@@ -129,7 +129,7 @@
 rsyslogd = {
 enable = true;
 extraConfig = ''
- *.* action(type="omfwd" target="192.168.1.27" port="1514" protocol="tcp")
+ *.* action(type="omfwd" target="192.168.1.27" port="1514" protocol="tcp" Template="RSYSLOG_SyslogProtocol23Format")
 '';
 };
 prometheus = {
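Review bot: The `redis` server block on the new side still listens on `bind = "0.0.0.0"` with `protected-mode = "no"` and no password option visible in the hunk, so adding CrowdSec log acquisition does not change the fact that any host able to reach port 6379 gets an unauthenticated session. I would either narrow `bind` to the interface the clients use or add `requirePassFile = config.age.secrets.<redis-password-secret>.path;` (placeholder secret name) under `servers.redis`; a firewall rule elsewhere in the repository may already limit access, which the hunk does not show. Separately, the acquisition filter `_SYSTEMD_UNIT=redis.service` likely matches nothing: as far as I know the NixOS module names the unit `redis-<name>.service` for a named server, so `servers.redis` would log under `redis-redis.service`, and the filter should read `journalctl_filter = [ "_SYSTEMD_UNIT=redis-redis.service" ];` once the unit name is confirmed on the host. The module's opening lines are outside the hunk.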
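Review bot: The `omfwd` action forwards `*.*`, which includes authentication messages, to 192.168.1.27:1514 over plain TCP, so every container's logs cross the network unencrypted and the collector has no way to verify which host sent them; the added `Template` only changes the message format. If the receiver supports it, I would add TLS parameters to the same action, e.g. `StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name"`, with the CA file set in the rsyslog global configuration. No queue parameters are set either, so it is worth checking what happens to messages while the target is unreachable; `queue.type="LinkedList" action.resumeRetryCount="-1"` would keep them buffered and retrying. The enclosing attribute set starts and ends outside the hunk.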