CrowdSec: IDS/IPS/WAF Community

Decisions not showing up in crowdsec browser Decisions page? Is it not normal?

Hi, I tried to ban myself with my local IP address with: `cscli decisions add -i YOUR_TEST_IP -t ban -d 1m`. I tried then to reach a page covered by traefik with its bouncer plugin installed and after I run the cscli command I got banned and everything works. Shouldn't I see such decision in the decisions page on the browser though? Or is it like a paid feature?...

crowdsec & coolify in cluster

Hi, first of all thanks for the guide https://discord.com/channels/921520481163673640/933289687467044874/1377212080343482429 I have a coolify cluster (swarm) and the security engine I have installed on the worker does not see the docker caddy container of the coolify manager. Has anyone had this problem before?...

Two traefik-bouncers and can't delete the one that's not working

I used pangolin to set up crowdsec and I'm not sure why there are two traefik-bouncers. The 2nd traefik bouncer hasn't pulled from the API for 2 days and I tried deleting it but got the error `WARNING bouncer 'traefik-bouncer@172.18.0.3' is auto-created and cannot be deleted, delete parent bouncer traefik-bouncer instead`...

Caddy not showing up in acquisition metrics

I have the following acquisition for Caddy: ``` filenames: - /var/log/caddy-crowdsec/*.log labels:...

Set timezone

I'm using the crowdsec lapi server in a docker container. However, if I do `podman exec crowdsec-server cscli alerts list` it shows me the created date with UTC+0. How can I change that? I've tried to bind /etc/localime in the docker container but that didn't change anything.

cron.daily updated & outdated

Hi there! We have it set up so that cron sends us an email each time a script outputs something. Sometimes, we get a lot of emails like this: ``` /etc/cron.daily/crowdsec:...

Whitelist user agent from file

Hi, I'm trying to write a whitelist parser to whitelist user agents from a file (stored in parsers/s02-enrich). This is the parser that I wrote: ``` name: si/si_wl_useragent_ai...

Scenarios that have hit whitelist still showing up as alerts?

I have the following whitelist enabled, as I'm on NixOS: https://github.com/crowdsecurity/hub/blob/master/postoverflows/s01-whitelist/crowdsecurity/auditd-nix-wrappers-whitelist-process.yaml It should be whitelisting all binaries that follow the form of /nix/store/*/.<binary name>-wrapped, but it still seems to be generating alerts, like in this case: https://gist.github.com/poperigby/97fd29e297c9843ff677d98eeef90f8e...

git-dumper requests not being blocked despite sensitive-files scenario

Hi all, I'm having the CrowdSec + nginx bouncer setup on a server with a publicly accessible .git/ directory. I'm using git-dumper to simulate exploitation, but CrowdSec isn't blocking the requests. The nginx logs are correctly parsed and enriched (cscli explain confirms this)....

Diagnosing what causes "Http error 400 while talking to LAPI"

Hi everyone. We have CrowdSec deployed in production (with OpenResty bouncer if this is relevant) and even though it works properly, "Http error 400 while talking to LAPI" are regularly being thrown in the logs. These seem to happen only for certain types of requests (origin and paths). I couldn't find any relevant information on why error 400 happens. How can we look deeper into what causes these errors, like seeing the exact contents of LAPI request that caused the error? Thank you in advance!...

Caddy Crowdsec no metrics

Hey, I have set up caddy with my lapi server, but I get no metrics on my local caddy server. Is there any way I can trigger some data on my caddy server? 🙂 ...

Stuck sending event

Hi there! Yesterday our wordpress systems were under a denial of service attack from quite a large botnet. Not blocking this automatically was probably due to us not having CrowdSec properly configured, but this is something we will figure out. However, upon looking through the logs I've found that quite often we get logs like this (a few dozen lines of the sort each time): ```...

Check if decision has been successfully taken?

I'm really unsure if I've configured crowdsec fully functional now or not. So journalctl -u sshd -e contains messages like this:
Jun 03 02:47:01 server sshd-session[1760286]: Connection reset by authenticating user root 45.140.17.124 port 33492 [preauth]
Jun 03 02:47:01 server sshd-session[1760286]: Connection reset by authenticating user root 45.140.17.124 port 33492 [preauth]
...

Find out which type for acquisition?

You have to provide the type of an acquisition but how do I know which are available and which is the correct one?

Setup firewall-bouncer-docker

Hi! ```bash exec podman \ run \ --name=crowdsec-firewall-bouncer ...

Discord Notification Formatting Help

I found a custom discord.yaml template online that is almost perfect for me, however, it didn't have the target_fqdn in it. I've been trying to figure out how to add it with the same style as the rest of the notification. As you see in the image everything is printing correctly but I can't get each target_fqdn to be surrounded with backticks. Any help is appreciated. Below is part of the fields section of my discord.yaml...

Need a help for Post "https://api.crowdsec.net/v3/watchers": net/http: TLS handshake timeout

Hi, CrowdSec, I got this problem after restarting my crowdsec container last week. And then, I tried to reconstruct the container like a new installation with the following steps:...

auth.log seems to not get parsed

It seems my crowdsec instance is not parsing auth.log file from ubuntu linux. I am running the crowdsec container, I have my auth.log mounted in the docker container. Here is the metrics output: ``` ├──────────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────┬────────────────────...

apache bouncer

Hello, I can't install apache bouncer on this page https://app.crowdsec.net/alerts...

List of available bouncers?

As the title says: Is there a list available of available bouncers?