Multi-SERVER - Problem with an agent with 2 IPs
Hello,
I currently have a main server that receives alerts from the other servers, but I have a server that has 2 IPv4 addresses, but sometimes it types with its last IP address, so I get an error: bad user agent from: X.X.X.X
Is there a solution to this problem?
Hmmm, can you share the log lines? You can redact the IP, but I'm wondering where it's originating from (as in the code).
Hello,
time="2025-06-03T02:12:50+02:00" level=error msg="bad user agent from : X.X.X.X"
time="2025-06-03T02:12:50+02:00" level=error msg="bad user agent from : X.X.X.X"
The machine has two IP addresses, the second IP address is the one that meets the bad user agent.
But you don't see the error that happens directly before?
GitHub
crowdsec/pkg/apiserver/middlewares/v1/jwt.go at d7d7e676059afe94533...
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI. - crowdsecurity/crowdsec
if you are grepping, add -B1 or -b1, i forget the flag
time="2025-06-03T02:12:50+02:00" level=error msg="unable to update machine 'xxxxxxx' version 'v1.6.8-debian-pragmatic-amd64-f209766e-linux': unable to update machine version in database: context canceled"
Yes, I'm getting this message but I've updated crowdsec
The message is stating the commit to the database was cancelled, probably due to the incoming HTTP request being cancelled.
On the machine itself that is sending, do you see any logs to indicate an error?
Also, which version of LAPI are you running?
This reminds me of an old issue where we were using the request context to control access to the database, but if the client cancelled/closed the request before we were done interacting with the database, it would lead to errors like this.
version: v1.6.5-debian-pragmatic-amd64-d8dcdc91
ahhh, are you running pfsense or opnsense
No
Ubuntu LTS
we are still using the request context here
but it should not really matter, it's inside the code that handles auth (so we haven't sent anything back to the client at this point, so in theory it should not close the connection)
probably something weird with the LP then
However, IP and link are not the same.
Client version :
version: v1.6.8-debian-pragmatic-amd64-f209766e
On server machines list :
xxxxxxxxxxxxxxxxxxx x.x.x.x 2025-06-03T14:40:45Z ✔️ v1.6.8-debian-pragmatic-amd64-f209766e-linux Ubuntu/24.04 password 36s