I don’t use Crowdsec, only Fail2ban, but I would say that the ownership of the file shouldn’t be an issue, since it’s basically always owned by the webserver user, regardless of whether you are using AIO or some other installation type.
Did you actually install the respective collections/parsers and configure them accordingly?
Maybe the following links are of any help:
https://github.com/nextcloud/all-in-one/discussions/2194
https://app.crowdsec.net/hub/author/crowdsecurity/configurations/nextcloud-logs
https://www.c-rieger.de/nextcloud-installationsanleitung/#c06 (German)