CrowdSec

CrowdSec: IDS/IPS/WAF Community

Try to understand the crowdsec log

The log says level=info msg="Adding file /var/log/auth.log to datasources" type=file One second later it says...

Disable protection on a OPNsense interface?

I've got a VLAN on my OPNsense firewall that's VPN'd and dedicated to BitTorrent. The CrowdSec plugin is blocking most of the BitTorrent traffic. Is there a known way to exclude an interface / VLAN from the CrowdSec bouncer?

Questions on Integrating CrowdSec with Traefik Behind Cloudflare

Edit - Post content exceeded the length allowed by discord so posted it on forum here

GID for docker-compose

Hi there, New to crowdsec, docker, and homelab stuff in general. I got a TerraMaster NAS, and the default user is also the super user with a UID:GID of 0. The root user has UID:GID of 9999. In my docker compose file should I use 0 for GID, or should I be creating a new group just for crowdsec. Thanks in advance...

How to ban a pool of IP addresses en masse?

Hello, I'm having an issue on several servers. Sometimes there's a high load caused by a pool of IP addresses making massive requests (lots of bots). The problem is that CrowdSec doesn't ban them because it's one IP at a time. Do you have a solution for this?
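An added example, not CrowdSec project code and not part of the post above: the usual answer to "one IP at a time is too slow" is to aggregate the burst by source prefix yourself and issue one range decision per prefix. The script below groups requests from a combined-format access log (client IP as the first field, an assumption) into /24 (IPv4) and /64 (IPv6) prefixes, flags prefixes where many distinct hosts together exceed a request threshold, and prints the matching `cscli decisions add --range ...` commands. The thresholds, the prefix lengths and the log lines are constructed for the example; the cscli flags are those of `cscli decisions add` (`--range`, `--type`, `--duration`, `--reason`), so check them against your version before running.

```python
"""Group a request burst by source prefix and emit cscli range decisions.

Added example, not CrowdSec project code. Assumptions: a combined-format
access log with the client IP as the first field; hypothetical thresholds
MIN_HOSTS / MIN_REQUESTS; prefix lengths /24 for IPv4 and /64 for IPv6.
"""
import ipaddress
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<ip>\S+)\s")

# Constructed sample log: six hosts in 203.0.113.0/24 make ten requests each
# (a bot pool), one ordinary client makes three requests, one IPv6 client
# makes one, and one line is junk that must be skipped.
SAMPLE_LOG = [
    f'203.0.113.{h} - - [10/Jun/2025:10:00:{s:02d} +0000] "GET /?q={s} HTTP/1.1" 200 512'
    for h in range(1, 7) for s in range(10)
] + [
    '198.51.100.7 - - [10/Jun/2025:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.7 - - [10/Jun/2025:10:01:01 +0000] "GET /style.css HTTP/1.1" 200 300',
    '198.51.100.7 - - [10/Jun/2025:10:01:02 +0000] "GET /app.js HTTP/1.1" 200 900',
    '2001:db8::10 - - [10/Jun/2025:10:01:03 +0000] "GET / HTTP/1.1" 200 512',
    'not a log line',
]

MIN_HOSTS = 5       # distinct source IPs a prefix needs before it is a "pool"
MIN_REQUESTS = 50   # total requests from the prefix within the examined window


def group_by_prefix(lines, v4_prefixlen=24, v6_prefixlen=64):
    """Return {network: {ip: request_count}} for every line with a parsable client IP."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:      # junk line or non-IP first field
            continue
        plen = v4_prefixlen if ip.version == 4 else v6_prefixlen
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        buckets[net][ip] += 1
    return buckets


def noisy_prefixes(buckets, min_hosts=MIN_HOSTS, min_requests=MIN_REQUESTS):
    """Prefixes where enough *distinct* hosts together exceed the request threshold.

    Requiring several distinct hosts keeps a single hot client (already handled
    by a normal per-IP scenario) from triggering a range-wide ban.
    Returns [(network, distinct_hosts, total_requests)] sorted by volume.
    """
    found = []
    for net, hosts in buckets.items():
        total = sum(hosts.values())
        if len(hosts) >= min_hosts and total >= min_requests:
            found.append((net, len(hosts), total))
    return sorted(found, key=lambda t: -t[2])


def range_ban_commands(prefixes, duration="4h", reason="bot pool"):
    """Build one `cscli decisions add --range` command per flagged prefix."""
    return [
        f"cscli decisions add --range {net} --type ban "
        f"--duration {duration} --reason '{reason} ({hosts} hosts, {total} reqs)'"
        for net, hosts, total in prefixes
    ]


def analyze(lines):
    """Convenience wrapper: log lines in, cscli commands out."""
    return range_ban_commands(noisy_prefixes(group_by_prefix(lines)))


if __name__ == "__main__":
    for cmd in analyze(SAMPLE_LOG):
        print(cmd)
```

Treat the emitted commands as a review list rather than piping them straight into cscli: a /24 behind a carrier-grade NAT or a cloud provider's shared range holds many unrelated users, so a short duration and a high distinct-host threshold are the safety margin, and the same counting logic can be expressed as a scenario with a `groupby` on the prefix if you want the engine to do it continuously.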

Heavy load on mariadb

Hello, I came across a similar topic on the forum and I'm currently experiencing the same issue. (https://discourse.crowdsec.net/t/heavy-load-on-mariadb-multi-servers-environment/1738) MariaDB is consuming all available CPU resources (I’ve tested with 8, then 12, and even 16 vCores), especially during SQL query execution. I also ran MySQLTuner, but the issue still persists....

Key not valid Docker installation

I installed CrowdSec with Docker, and the install works fine. Volumes are mounted with docker-compose.yml volumes:...

Remediation Metrics only showing for one engine

Hello, I have two engines running, have tagged them as Mailcow and Caddy as you can see in the screenshot. Under Remediation Metrics, Caddy shows plenty of data, but Mailcow shows none, even though it is blocking events. Do blocked events not count as prevented attacks?...

Are negative ban time values normal?

I was looking into the decision list with
sudo cscli decisions list -a
...

Unifi s01 parser

Hi all, still attempting to write an s01 Unifi parser... I have gotten it working a fair bit, however I have now added a 2nd line (which follows the same structure and should work afaik) but it doesn't... Parser:...

Custom Unifi parser

Hi all, I'm trying to write an s00 Unifi parser but running into some roadblocks. I have set up a test env. (which was a hassle btw). Using the help of AI I'm trying to get a basic understanding of how these parsers are written....

Custom parser in test env. not working

Hi all, I keep getting this error: ``` Error: unable to install hub in '/home/ubuntu/crowdsec-v1.6.8/tests/hub/.tests/s00-unifi/runtime/hub': stage 'parsers' extracted from '/home/ubuntu/crowdsec-v1.6.8/tests/hub/parsers/parsers' doesn't exist in the hub...

Explain a list notation in a postoverflow to me

Hello, ``` name: crowdsecurity/cdn-whitelist description: "Whitelist CDN providers"...

Not sure if I understand the difference between a multi-server setup and log centralization.

I am new to CrowdSec and want to integrate it into my infrastructure. For testing purposes I set up two servers where I installed the CrowdSec security engine on both machines and configured one to be the central LAPI (Main Machine) and registered the other machine (Child Machine) to this central LAPI as shown in this instruction video: https://www.youtube.com/watch?v=V4rr2gcPfW0&t=2337s and this information from the documentation https://docs.crowdsec.net/u/user_guides/multiserver_setup/. I also installed a firewall bouncer on the Child Machine and registered the bouncer to the Main Machine; this works and has already started blocking some malicious IPs. Now my question. In such a setup, where I installed the security engine on each node (not sure if installation of only the bouncer is possible), would I still need to set up central log processing via rsyslog? Would I need to install rsyslog on each child machine, as well as the main machine, and then forward the logs as shown in this documentation article: https://docs.crowdsec.net/u/user_guides/log_centralization ? ...

Decisions not showing up in crowdsec browser Decisions page? Is it not normal?

Hi, I tried to ban myself with my local IP address with: cscli decisions add -i YOUR_TEST_IP -t ban -d 1m . I then tried to reach a page covered by Traefik with its bouncer plugin installed, and after I ran the cscli command I got banned and everything works. Shouldn't I see such a decision in the Decisions page in the browser though? Or is it a paid feature?...

crowdsec & coolify in cluster

Hi, first of all thanks for the guide https://discord.com/channels/921520481163673640/933289687467044874/1377212080343482429  I have a coolify cluster (swarm) and the security engine I have installed on the worker does not see the docker caddy container of the coolify manager. Has anyone had this problem before?...

Two traefik-bouncers and can't delete the one that's not working

I used Pangolin to set up CrowdSec and I'm not sure why there are two traefik-bouncers. The 2nd traefik bouncer hasn't pulled from the API for 2 days and I tried deleting it but got the error WARNING bouncer 'traefik-bouncer@172.18.0.3' is auto-created and cannot be deleted, delete parent bouncer traefik-bouncer instead...

Caddy not showing up in acquisition metrics

I have the following acquisition for Caddy: ``` filenames: - /var/log/caddy-crowdsec/*.log labels:...

Set timezone

I'm using the CrowdSec LAPI server in a Docker container. However, if I do podman exec crowdsec-server cscli alerts list it shows me the created date in UTC+0. How can I change that? I've tried to bind /etc/localtime into the container but that didn't change anything.

cron.daily updated & outdated

Hi there! We have it set up so that cron sends us an email each time a script outputs something. Sometimes, we get a lot of emails like this: ``` /etc/cron.daily/crowdsec:...