CrowdSec

CrowdSec: IDS/IPS/WAF Community

Decisions not displaying on browser page.

Good day all 🙂 I am new to Crowdsec and need some help, please. For some reason, the decisions page no longer displays anything. It used to work, but suddenly stopped working correctly. I do not recall doing anything weird that might have caused this. I tried re-enrolling the engine and added the nginx bouncer again, but this did not work. The console status shows everything as activated with a checkmark. I am not really sure where to look, so I would really appreciate some guidance. Also, worth mentioning, I am running the latest version of Ubuntu Server. Thanks in advance 🙂 Edit: I should mention that in my crowdsec.log it appears that bans do work "time="2025-06-25T20:14:54+09:00" level=info msg="(MACHINE_ID/crowdsec) crowdsecurity/http-admin-interface-probing by ip 185.177.72.201 (GB/0) : 87600h ban on Ip 185.177.72.201"...

does installed Crowdsec packages smoothly transition to the PfSense upgrade to 2.8.0 release?

I guess the title says it all. Just hoping to know before upgrading to the pfSense 2.8.0 release with my current crowdsec package installed: has anyone experienced any transition issues? pfSense has mixed recommendations on whether to remove all packages before upgrading....

Error 500 connecting to app.crowdsec.net

Error 500 occurs when trying to connect to https://app.crowdsec.net I tried it from my home network, my mobile network, and from work (which is using a different ISP to my home/mobile and was never associated with any of crowdsec services) and all are showing error 500. Earlier yesterday, the page would just hang while loading. Now it's a more civilized error 500....

docs about running tests are incorrect

https://doc.crowdsec.net/docs/contributing/contributing_test_env/ apparently anything after ../cscli -c ../dev.yaml hubtest run --all is not working as expected...

Deploy CrowdSec in agent mode with docker-compose

What's the correct setup and configuration for deploying crowdsec in agent mode (so with a LAPI on a remote server) with docker-compose? Here's a very basic example of the docker-compose file I'm using: ``` services: crowdsec:...

PSA: Installing crowdsec on ancient Debian 8 can trigger systemd segfault

Just for some people to be aware of the issue on Debian 8 - if you install crowdsec then it can trigger systemd to get a segmentation fault. This means systemd is totally dead and only a system reboot can fix it ( systemctl --force --force reboot but it will trigger reboot IMMEDIATELY) crowdsec version 1.6.9 on amd64 ```text...

Traefik Bouncer not pulling from CrowdSec API

I'm running both crowdsec-firewall-bouncer and crowdsec-traefik-bouncer. While the firewall bouncer is working fine and regularly pulling decisions, the Traefik bouncer is listed in cscli bouncers list but shows no IP address or last API pull timestamp: It seems the Traefik bouncer isn't communicating with the CrowdSec API. Any idea how to troubleshoot or resolve this?...

Possible bug in cscli decisions list

Hello crowdsec developers. When I execute cscli decisions list -l 100 - it works When I execute cscli decisions list -l 221 - it works When I execute cscli decisions list -l 0 - it works...

Anyone know how to setup Notifications in a Multiserver Architecture?

Let's say I have Machine A on which my LAPI is running. I have Machine B registered to the LAPI on Machine A. Machine B has its own parser and scenario that are able to detect and trigger bans. I want to send a slack notification whenever a ban is triggered through the scenario of Machine B. Where do I have to configure the slack plugin and the profile.yaml?...

Scenario is not banning IP

I am trying to get a ban decision with the following parser and scenario Scenario: ``` type: leaky...

Question creating Postoverflow Whitelist

I want to create a postoverflow whitelist, so my dynamic IP address from my ISP won't get blocked when I access and test configurations on my cloud machines. DynDNS is configured. I already installed the postoverflow rdns parser: https://app.crowdsec.net/hub/author/crowdsecurity/postoverflows/rdns ...

Direct manipulation of the allowlist in the database.

If a record with an IP is inserted into the allow_list_items table directly in the DB, is it going to be picked up by the LAPI immediately or on a restart of the LAPI only?

Manual decision disappear before expiration

Sometimes, in addition to custom scenarios, I add manual decisions by cscli, always for 96h, with the same reason (let's say "Massive Leech"). For some minutes, I can still see the bans with cscli decision list -s "Massive Leech" but after some minutes, the decisions disappear, far before the expiration. How is it possible?

Apache parser failure

Hello, I am trying to set up crowdsec on one of my ubuntu servers. I am at the very beginning of the process, and I can't even get a test working. My apache stores logs in /var/log/apache2/other_vhosts_access.log...

Docker infrastructure with multiple services and host strategy

Hi all!!! I just discovered crowdsec and have been playing with it for a few days and reviewing settings. Right now I have an ubuntu machine where I have docker with a traefik in front and behind it, multiple services such as adguard, portainer , multiple apps with caddy, apache .... etc ... etc Now I have installed crowdsec in a container and I have a couple of doubts: - I understand that I can share the journal log of the host machine to protect access to the ssh port - what is the best strategy to configure crowdsec in containers. Just check the logs of the traefik or configure each of the services ?...

Crowdsec log questions.

Hello everyone, I require a bit of aid with my setup. I updated crowdsec this morning (to version 1.6.8, 1.6.9 is not yet available via docker for me?) With this I checked the logs to make sure nothing odd was happening. However, I spotted a few things which I am confused by and I would like some help with. The logs will be attached in the next message....

Is it possible to parse multiple log lines combined?

Let's say I have these two log lines ``` 2025-06-17T20:21:05: New connection from IP:PORT on port 8883. 2025-06-17T20:21:06: Client mqtt-explorer-4f4d6ef8 disconnected, not authorised....

OPNsense LAPI Multiserver Setup with NPMPlus

I would like to have a multiserver setup with the OPNsense plugin as the LAPI and have NPMPlus connect to that. I currently have the OPNsense side of things setup and working correctly. I am following the guide below to setup my NPMPlus VM, but am having trouble determining what needs to change from the guide so that the NPMPlus VM does not run the API and instead listens and integrates with OPNsense. https://www.crowdsec.net/blog/web-server-security-with-npmplus-and-crowdsec 1. Do I need to change anything from the guide in regards to the docker compose file? ...

Try to understand the crowdsec log

The log says level=info msg="Adding file /var/log/auth.log to datasources" type=file One second later it says...