CrowdSec • 4mo ago
happyHyppo

Decisions not showing up in crowdsec browser Decisions page? Is it not normal?

Hi, I tried to ban myself with my local IP address with: cscli decisions add -i YOUR_TEST_IP -t ban -d 1m. I then tried to reach a page covered by traefik with its bouncer plugin installed, and after I ran the cscli command I got banned and everything works. Shouldn't I see such a decision in the decisions page in the browser though? Or is it like a paid feature?
27 Replies
iiamloz • 4mo ago
Since the decision is 1 minute, there's a delay between the alert and it being received by the console, so it may expire before it can be rendered in the page. Also forgot to point out the page only shows active decisions. If you check the alerts page, do you see the manual alert?
happyHyppo (OP) • 4mo ago
Ahhh ok, now I banned myself for 10 minutes... maybe now it will show up
iiamloz • 4mo ago
Also make sure you can see manual alerts in the alerts tab; if not, then most likely it hasn't enabled the manual alerts inside cscli console status
happyHyppo (OP) • 4mo ago
At the moment in the crowdsec dashboard (browser I mean) I don't see anything, but I just ran cscli console status and this is the status
iiamloz • 4mo ago
ahhh well that makes sense, manual is turned off
happyHyppo (OP) • 4mo ago
So I guess that manual bans are not sent to the dashboard online at all, right?
iiamloz • 4mo ago
Ye, you do cscli console enable manual, then you have to restart the container cause it needs to reload
happyHyppo (OP) • 4mo ago
Ok, I just ran the command, rebooted the container and banned myself again
happyHyppo (OP) • 4mo ago
I guess I have to try to get the ip of my phone and try to reach a service out of my local network 😄
happyHyppo (OP) • 4mo ago
so if an IP is local then it won't show up at all in the console
iiamloz • 4mo ago
hmm that info is not correct as far as I'm aware cause I get this
happyHyppo (OP) • 4mo ago
As a "debug", I tried now in my local crowdsec container to ban the IP of my phone, and still, I can't see it as an alert nor a decision
iiamloz • 4mo ago
And for the container, you are persisting the /etc/crowdsec directory so you're not getting disconnected from the enrollment?
happyHyppo (OP) • 4mo ago
crowdsec:
  image: crowdsecurity/crowdsec:latest
  container_name: crowdsec
  user: ${PUID}:${PGID}
  restart: unless-stopped
  environment:
    TZ: Europe/Berlin
    COLLECTIONS: crowdsecurity/traefik crowdsecurity/http-cve baudneo/gotify crowdsecurity/nextcloud gauth-fr/immich firix/authentik Dominic-Wagner/vaultwarden #crowdsecurity/linux
    DOCKER_SOCKET_HOST: traefik_socket-proxy
    BOUNCER_KEY_TRAEFIK: "myKey"
  env_file:
    - ../envs/global.env
    - stack.env
  volumes:
    - ${BASE_PATH}/crowdsec/data:/var/lib/crowdsec/data:rw
    - ${CROWDSEC_SHARED_LOGS}:/var/log/crowdsec:rw
    # - ./crowdsec_config:/etc/crowdsec
    - ${BASE_CONFIG_PATH}/traefik/crowdsec_config/acquis.yaml:/etc/crowdsec/acquis.yaml
    - /var/log/syslog:/syslog:ro
  networks:
    traefik_internal:
  security_opt:
    - no-new-privileges:true
  ports:
    - 6060:6060 # METRICS
    - 8081:8080/tcp # API port
sorry for the trash formatting
iiamloz • 4mo ago
yep, # - ./crowdsec_config:/etc/crowdsec is commented out so every time you restart it's getting a new id
happyHyppo (OP) • 4mo ago
ah fuck 😄 so now I have to enroll it again, right?
iiamloz • 4mo ago
Yep, but firstly make sure you persist it cause if not it's going to happen again
happyHyppo (OP) • 4mo ago
May I ask if I can remove this volume then? --> - ${BASE_PATH}/crowdsec/data:/var/lib/crowdsec/data:rw
iiamloz • 4mo ago
No, as that is the database path, the other is the configuration directory, you need both
happyHyppo (OP) • 4mo ago
Oh yes! It works! Thanks @Loz. Basically the main issue was the missing config volume
iiamloz • 4mo ago
Yep, cause whenever we would change anything configuration-wise, such as enrolling, a restart will think it's a new instance
happyHyppo (OP) • 4mo ago
Yep 🙂 the cscli console enable manual, can be maybe setup with an env variable? So that I don't need I can debug whenever I need?
iiamloz • 4mo ago
Yeah, there's a pending PR to add it as an env variable, still needs to be merged afaik
happyHyppo (OP) • 4mo ago
Super thank you for the info 🙂
CrowdSec • 4mo ago
Resolving Decisions not showing up in crowdsec browser Decisions page? Is it not normal? This has now been resolved. If you think this is a mistake please run /unresolve