diff --git a/install/config/crowdsec/acquis.d/appsec.yaml b/install/config/crowdsec/acquis.d/appsec.yaml
new file mode 100644
index 00000000..2cebf9ee
--- /dev/null
+++ b/install/config/crowdsec/acquis.d/appsec.yaml
@@ -0,0 +1,6 @@
+listen_addr: 0.0.0.0:7422
+appsec_config: crowdsecurity/appsec-default
+name: myAppSecComponent
+source: appsec
+labels:
+ type: appsec
diff --git a/install/config/crowdsec/acquis.d/traefik.yaml b/install/config/crowdsec/acquis.d/traefik.yaml
new file mode 100644
index 00000000..11d9d0b8
--- /dev/null
+++ b/install/config/crowdsec/acquis.d/traefik.yaml
@@ -0,0 +1,5 @@
+poll_without_inotify: false
+filenames:
+ - /var/log/traefik/*.log
+labels:
+ type: traefik
diff --git a/install/config/crowdsec/acquis.yaml b/install/config/crowdsec/acquis.yaml
deleted file mode 100644
index 74d8fd1c..00000000
--- a/install/config/crowdsec/acquis.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-filenames:
- - /var/log/auth.log
- - /var/log/syslog
-labels:
- type: syslog
----
-poll_without_inotify: false
-filenames:
- - /var/log/traefik/*.log
-labels:
- type: traefik
----
-listen_addr: 0.0.0.0:7422
-appsec_config: crowdsecurity/appsec-default
-name: myAppSecComponent
-source: appsec
-labels:
- type: appsec
\ No newline at end of file
diff --git a/install/config/crowdsec/docker-compose.yml b/install/config/crowdsec/docker-compose.yml
index 1a642ee8..20c69387 100644
--- a/install/config/crowdsec/docker-compose.yml
+++ b/install/config/crowdsec/docker-compose.yml
@@ -7,7 +7,6 @@ services:
 COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
 ENROLL_INSTANCE_NAME: "pangolin-crowdsec"
 PARSERS: crowdsecurity/whitelists
- ACQUIRE_FILES: "/var/log/traefik/*.log"
 ENROLL_TAGS: docker
 healthcheck:
 test: ["CMD", "cscli", "capi", "status"]
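Review bot: In acquis.d/appsec.yaml, `listen_addr: 0.0.0.0:7422` binds the AppSec listener to every interface of the container, and nothing in the file says who is expected to reach it. That is acceptable only while 7422 stays off the compose service's published `ports:` list (the part of docker-compose.yml visible in this diff publishes 6060 only), so I would record the constraint next to the setting: `# reachable from other containers on the compose network; do not publish 7422 on the host`. `name: myAppSecComponent` also reads like an example value carried over from the deleted acquis.yaml and could be given a deployment-specific name.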
@@ -18,13 +17,8 @@ services:
 - ./config/crowdsec:/etc/crowdsec # crowdsec config
 - ./config/crowdsec/db:/var/lib/crowdsec/data # crowdsec db
 # log bind mounts into crowdsec
- - ./config/crowdsec_logs/auth.log:/var/log/auth.log:ro # auth.log
- - ./config/crowdsec_logs/syslog:/var/log/syslog:ro # syslog
- - ./config/crowdsec_logs:/var/log # crowdsec logs
 - ./config/traefik/logs:/var/log/traefik # traefik logs
 ports:
 - 6060:6060 # metrics endpoint for prometheus
- expose:
- - 6060 # metrics endpoint for prometheus
 restart: unless-stopped
- command: -t # Add test config flag to verify configuration
\ No newline at end of file
+ command: -t # Add test config flag to verify configuration
diff --git a/install/crowdsec.go b/install/crowdsec.go
index c545a90d..9fadadc6 100644
--- a/install/crowdsec.go
+++ b/install/crowdsec.go
@@ -25,7 +25,7 @@ func installCrowdsec(config Config) error {
 }
 os.MkdirAll("config/crowdsec/db", 0755)
- os.MkdirAll("config/crowdsec_logs/syslog", 0755)
+ os.MkdirAll("config/crowdsec/acquis.d", 0755)
 os.MkdirAll("config/traefik/logs", 0755)
 if err := copyDockerService("config/crowdsec/docker-compose.yml", "docker-compose.yml", "crowdsec"); err != nil {
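Review bot: In the second docker-compose.yml hunk, the mapping `- 6060:6060` is kept while the redundant `expose:` entry is dropped, so the metrics endpoint is still published on every host interface. If Prometheus scrapes from the same host, bind it to loopback with `- 127.0.0.1:6060:6060`; if it scrapes over the compose network, drop the mapping entirely. Separately, `command: -t` stays next to `restart: unless-stopped`. If this fragment is deployed unchanged, the config-test flag presumably makes the process exit after validation and the container restart in a loop, so the comment should say where the flag gets removed.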
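Review bot: The added `os.MkdirAll("config/crowdsec/acquis.d", 0755)` in install/crowdsec.go discards its error, like the two calls around it, so a failure to create the acquisition directory goes unnoticed at this point. If the later copy of the acquis.d files also tolerates a missing directory (not visible in this hunk), CrowdSec would start with no log sources and no AppSec listener, which looks healthy but detects nothing. Return the error instead: `if err := os.MkdirAll("config/crowdsec/acquis.d", 0755); err != nil { return err }`. installCrowdsec begins before and continues past the hunk.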