CrowdSec

CrowdSec: IDS/IPS/WAF Community

PfSense or npm or both

I've been using CrowdSec with the npmplus Docker image for about a year now, and just set up a pfSense box. npmplus is running on a separate physical machine from my pfSense. Is there any way to set up both without paying 59$ a month for a second slot? I tried just having the npmplus be the LAPI and having the pfSense box send the logs to the npmplus parser, but whenever I do that, it requires me to add a second slot to my engine. Not saying I don't want to support CrowdSec in the amazing things...

NPM remediation component can't reach LAPI due to certificate error

proxy-host-6_error.log:2025/09/06 04:41:52 [error] 241#241: *1782 [lua] live.lua:39: live_query(): failed to query LAPI https://crowdsec.local.rxample.net/v1/decisions?ip=192.168.1.52: 20: unable to get local issuer certificate, client: 192.168.1.52, server: homeassistant.example.net, request: "POST /api/webhook/wow HTTP/1.1", host: "homeassistant.example.net"

The crowdsec log processor and curl etc. in the same machine can reach the LAPI just fine. My LAPI runs in a separate machine reachable through https://crowdsec.local.example.net inside the local network. Other log processors running in home assistant and its bouncer can also connect with the LAPI without issues....

Nextcloud AIO Docker Container and Crowdsec

Hi, I run Nextcloud AIO (NC AIO) in docker and would like to also use the Crowdsec docker container. From my limited understanding, Crowdsec works by parsing the webserver logs and I do know that NC AIO uses apache as its webserver, so the Crowdsec container will need to be able to parse the apache log files. I'm just not sure how to make this happen and was hoping someone with knowledge could help me out here. Thank you 🙂...

Curious about expiration on Decisions around the 22 hour space

It seems there are 3 different groupings of expiring decisions: those around the 4 hour length, a jump up to the 22 hour length with a huge group of IPs, and then another rather large jump up to 104 with its group going on up to less than 168 hours. The 22-24 hour group, does it stay around, or do the elements in the group occasionally or often 'expire naturally'? ```...

kubernetes k8s overriding parameters for Scenario

I want to increase the capacity in the crowdsecurity/nginx-req-limit-exceeded scenario. (Scenario installed together with the collection crowdsecurity/nginx) How can I do this?...

Nginx + Crowdsec on Debian, Unparsed logs

Hi guys, I just installed Crowdsec and what I noticed is that I have some unparsed logs. I have talked to AI for 2 hours straight and now I'm wondering if this is even worth fixing or just normal behaviour. Parser Metrics...

Container Acquisition randomly stopping

I set up CrowdSec to acquire logs from Traefik and Authelia. The logs are read through a socket proxy. So I have a config file for Authelia like this: ```yaml container_name:...

Docker-based Engine Keeps Disconnecting

Hey guys, I have a working crowdsec/traefik config running via Docker Compose. My issue is that it seems that I get the engine registered in the container via cscli enroll and it will work for a few hours then just stop checking in. What's the best way to register the container's engine and make 100% sure it won't just disappear?...

AppSec whitelist? Ignore vpatch-git-config when matching?

Hello, I am new to CrowdSec and have always worked with Fail2Ban before. I secured my NPM with CrowdSec. Like many others, NPM acts as a bridge to underlying services. The access.logs and error.logs are processed, and AppSec is also configured. Everything works. Today, I put my Nextcloud behind the NPM into operation. I was able to successfully configure the parser whitelist (s02-enrich) so that http-sensitive-files does not block my .git directories, etc. However, I still occasionally got 403 and 404 errors during synchronization, which ultimately led to a ban for some directories (http-probing)....

How to test CAPTCHA with crowdsec-haproxy-spoa-bouncer

Hello, I'm new to crowdsec and really impressed with it so far. I think I've got crowdsec-haproxy-spoa-bouncer set up correctly using the v0.0.5-rc2 release (I'm using turnstile so needed that, thank you). How do I test the CAPTCHAs? If I go to my site normally I am allowed in. If I set cscli decisions add --ip my.ip.ad.dr --type captcha I get the captcha and pass it but I am redirected to the CAPTCHA page again....

Enrollment of server with docker in Security Engine

After installing crowdsec in a Docker environment, what is the best way to enroll it into the Crowdsec Security Engine?

traefik logs

I am trying to get traefik to show up in cscli metrics, but the container does not show up, and I've created the file traefik.yaml and placed it in the acquis.d directory where it should go.

Grafana Dashboards showing no data for many panels

I just set up the Prometheus export (level = "full") and set up a couple of Grafana dashboards from here: https://github.com/crowdsecurity/grafana-dashboards Now most of the panels have no data at all. An example of the CrowdSec Overview panel is in the attachment. ...

Upgrade to 1.7.0

I just tried to upgrade from 1.6.11 to 1.7.0 but the update always fails on either main or lapi connected machines. Main machine:
Sep 03 10:07:50 vps crowdsec[1090085]: FATAL crowdsec init: while loading acquisition config: missing labels in /etc/crowdsec/acquis.yaml (position 3)
Sep 03 10:07:50 vps systemd[1]: crowdsec.service: Control process exited, code=exited, status=1/FAILURE
...

k8s test not working, possibly due to real IPs not being passed?

I have everything deployed in k8s. I am using nginx-ingress from here. I have manually modified the helm chart for the local lapi container to use the use_forwarded_for_headers flag....

Does the Appsec WAF component support Traefik or is it only for nginx?

Unfortunately your docs on this subject are confusing: there are multiple sets of setup docs for AppSec/WAF and only one of them mentions that it's currently only supported for NGinx, so can you please clarify before I put more work into Traefik? Thanks!...

Best way to add dynamic UptimeRobot IP whitelist in CrowdSec?

Hi all, I have a question about handling allowlists/whitelists in parsers. I'd like to whitelist the IPs from UptimeRobot (list here: https://cdn.uptimerobot.com/api/IPv4andIPv6.txt). I see in the docs that data: can be used in a parser definition like this:...

No alerts sent to central dashboard - lite community blocklist

Hi, I not-so-recently added CrowdSec to my caddy reverse proxy, but at that time I had yet another thing in front of it so it never really saw the public IP addresses. I've since fixed this, and I'm trying to get it off of the lite blocklist. CAPI and LAPI look correct...

ingress nginx kubernetes + custom logs

The logs are being parsed, but no further events occur. Nginx has custom logs, but I created a parser. Could you please advise me on how to resolve this issue?...

database disk image is malformed

Looks like sqlite + unclean system shutdown corrupted the db