CrowdSec · 3mo ago
mb

Anyone know how to set up Notifications in a Multiserver Architecture?

Let's say I have Machine A on which my LAPI is running. I have Machine B registered to the LAPI on Machine A. Machine B has its own parser and scenario that are able to detect and trigger bans. I want to send a Slack notification whenever a ban is triggered through the scenario of Machine B. Where do I have to configure the slack plugin and the profile.yaml? On Machine B or Machine A? I was already able to set up a test scenario on Machine A where messages are correctly sent to a custom Slack channel with its own webhook. But the plugin and scenario are available on Machine A. I want to achieve the same with the scenario of remote Machine B. Test executions on Machine A with LAPI with "cscli notification test ..." return the following message:
```
DEBU[0000] starting plugin args="[/usr/lib/crowdsec/plugins/notification-slack]" path=/usr/lib/crowdsec/plugins/notification-slack
DEBU[0000] plugin started path=/usr/lib/crowdsec/plugins/notification-slack pid=31251
DEBU[0000] waiting for RPC address path=/usr/lib/crowdsec/plugins/notification-slack
DEBU[0000] using plugin version=1
TRAC[0000] waiting for stdio data
INFO registered plugin slack_default
INFO registered plugin slack_successful_ssh_login
INFO registered plugin slack_mqtts_new_connection_attempts
INFO pluginTomb dying
ERROR template: :10: unexpected EOF plugin:=slack_mqtts_new_connection_attempts
INFO killing all plugins
DEBU[0000] received EOF, stopping recv loop err="rpc error: code = Unavailable desc = error reading from server: read unix @->/tmp/plugin1087064658: read: connection reset by peer"
INFO[0000] plugin process exited path=/usr/lib/crowdsec/plugins/notification-slack pid=31251
DEBU[0000] plugin exited
```
6 Replies
mb (OP) · 3mo ago
I tried changing the type to http and testing connectivity with a simple json payload and it worked.
```yaml
type: http
name: slack_mqtts_successful_client_connection
log_level: info

format: |
  {
    "text": "Hello, World!"
  }

url: https://hooks.slack.com/services/WEBHOOK

method: POST

headers:
  Content-Type: application/json
```
```
DEBU[0000] starting plugin args="[/usr/lib/crowdsec/plugins/notification-http]" path=/usr/lib/crowdsec/plugins/notification-http
DEBU[0000] plugin started path=/usr/lib/crowdsec/plugins/notification-http pid=37270
DEBU[0000] waiting for RPC address path=/usr/lib/crowdsec/plugins/notification-http
DEBU[0000] using plugin version=1
TRAC[0000] waiting for stdio data
INFO registered plugin http_default
INFO registered plugin slack_mqtts_successful_client_connection
INFO pluginTomb dying
INFO[0000] received signal for slack_mqtts_successful_client_connection config @module=http-plugin
INFO killing all plugins
DEBU[0000] received EOF, stopping recv loop err="rpc error: code = Unavailable desc = error reading from server: EOF"
INFO[0000] plugin process exited path=/usr/lib/crowdsec/plugins/notification-http pid=37270
DEBU[0000] plugin exited
```
When I change the json payload to the following from the documentation: https://docs.crowdsec.net/docs/notification_plugins/http
```yaml
format: |
  {{.|toJson}}
```
Then I receive errors again
iiamloz · 3mo ago
> I want to send a Slack notification whenever a ban is triggered through the scenario of Machine B. Where do I have to configure the slack plugin and the profile.yaml? On Machine B or Machine A?

LAPI is the process that manages plugins, so you would only need to configure on Machine A. And why are you changing the format to a JSON payload? It has to be altered to whatever application you are sending it to. So if Slack expects {"text": ""}, doing a {{ . | toJson}} doesn't know you need a text attribute 😕 because even though you name it slack, it's the http plugin. So why not configure the slack plugin, where the format is sent as the message body?
iiamloz · 3mo ago
Slack Plugin | CrowdSec
The slack plugin is by default shipped with your CrowdSec installation. The following guide shows how to enable it.
mb (OP) · 3mo ago
Just for testing purposes. I needed a simple way to see if maybe my webhook URL was wrong or something else was the matter. And if I saw that using the http plugin would be easier, then I would have completely switched to the http plugin. It would then be only a matter of how to include those alert values in between the string that is being sent via the JSON object. But I found my issue now. When I copied the message template, for some reason the parts that weren't directly visible on the screen weren't copied as well. Therefore the template was incomplete and the issue arose. Dumb on my part. Sorry for the inconvenience.
CrowdSec · 3mo ago
Resolving "Anyone know how to set up Notifications in a Multiserver Architecture?" This has now been resolved. If you think this is a mistake please run /unresolve
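
Both problems discussed in this thread (a format template cut short when it was copied, and a format that renders something other than the `{"text": ...}` object Slack expects) can be checked offline with Go's `text/template`, which produces the `unexpected EOF` error seen in the first log. The following is an added example, not code from the thread or from CrowdSec; the `Alert`/`Decision` structs, the sample values, the local `toJson` helper and `CheckFormat` are simplified assumptions for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// Constructed, simplified stand-ins for the alerts a format template receives.
type Decision struct{ Value, Type, Duration, Scenario string }
type Alert struct{ Decisions []Decision }
var sampleAlerts = []Alert{{Decisions: []Decision{{"192.0.2.10", "ban", "4h", "example/scenario"}}}}
// toJson is a local stand-in (assumption) for the helper of the same name used in the thread.
var funcs = template.FuncMap{"toJson": func(v interface{}) (string, error) {
	b, err := json.Marshal(v)
	return string(b), err
}}
const (
	goodFormat      = `{"text": {{ with index . 0 }}{{ with index .Decisions 0 }}{{ printf "%s gets %s for %s (%s)" .Value .Type .Duration .Scenario | toJson }}{{ end }}{{ end }}}`
	truncatedFormat = `{"text": {{ with index . 0 }}{{ with index .Decisions 0 }}` // copy cut off before the closing actions
	dumpFormat      = `{{ . | toJson }}`                                           // valid JSON, but an array with no "text"
)

// CheckFormat parses and renders a format, then requires a JSON object with a non-empty "text" field.
func CheckFormat(format string, alerts []Alert) error {
	tmpl, err := template.New("format").Funcs(funcs).Parse(format)
	if err != nil {
		return fmt.Errorf("template does not parse: %w", err)
	}
	var out bytes.Buffer
	if err := tmpl.Execute(&out, alerts); err != nil {
		return fmt.Errorf("template does not render: %w", err)
	}
	var payload struct{ Text string `json:"text"` }
	if err := json.Unmarshal(out.Bytes(), &payload); err != nil {
		return fmt.Errorf("output is not a JSON object: %w", err)
	}
	if payload.Text == "" {
		return fmt.Errorf("payload has no \"text\" attribute")
	}
	return nil
}

func main() {
	for _, f := range []string{goodFormat, truncatedFormat, dumpFormat} {
		fmt.Println(CheckFormat(f, sampleAlerts))
	}
}
```

The real alert objects carry more fields than this stand-in, so a template should still be confirmed on the LAPI machine with `cscli notification test ...` as in the first post.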