Which haproxy frontend does the crowdsec use to query decisions?
Hello. I have been running crowdsec's haproxy bouncer on OPNSense for a while using the two backends it requires. Which front end OR one of these backends does the bouncer query every 10 seconds please?
What do I want to do?: The haproxy logs have these queries every 10 seconds and make it difficult to work with haproxy, in the sense that is overpolluted with these log entries.
I am trying and failing so far to mute these log entries. I am setting the "http-request set-log-level silent" on the http front end but I'm not having success. I am doing it wrong because I am going blind.
The muting of logs can only be done on a front end on haproxy, not on a backend. So I'm hoping you tell me that the queries ie. "2025-07-01T22:27:11 Informational haproxy -:- [01/Jul/2025:22:27:11.238] <HTTPCLIENT> -/- 2/0/0/65/65 200 153 - - ---- 0/0/0/0/0 0/0 {} "GET http://192.168.5.1:8081/v1/decisions/stream?startup=false HTTP/1.1"" are going to the front end, so I can keep trying there.
If you said: no the queries are going to the crowdsec backend, then I am snookered.
9 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
Resolving Which haproxy frontend does the crowdsec use to query decisions?
This has now been resolved. If you think this is a mistake please run
/unresolve
Unresolving Which haproxy frontend does the crowdsec use to query decisions?
This has now been unresolved.ps. I see from the documentation/blog post that the haproxy config for this requires "# define a backend for crowdsec to allow DNS resolution
backend crowdsec
server crowdsec localhost:8080 check
Crowdsec bouncer <<<" so it appears clear that this backend is used. I should have been clearer. Does the query go from some crowdsec code directly to this backend, or (ideally for being able to silence these log entries), goes to the http front end first ?
sorry for the messy message. I don't know how to use discord properly. I don't see ways of wrapping lines in code tags.
anyone?
The code only goes to the backend not through any frontends.
thanks @Loz . I was afraid you'd say that. Any suggestions on how to get them sent to the frontend instead so we can mute those logs? It is one every 10 seconds, so too noisy
I don't think there's a way with the current bouncer, but we are working a new version (https://github.com/crowdsecurity/cs-haproxy-spoa-bouncer), which runs in a separate process, and the update queries will not be made by haproxy
Wonderful to hear @blotus . I will follow that with great interest.
you chaps are great !
just one ask. I see the roadmap has docker and dockerfile for it. Please, please, do make it so that is not docker-only. We need these to be usable in freeBSD too, traditional style.
We never provide anything docker only.
At a minimum, we have packages for deb/rpm based distributions.
For freebsd, we do not always provider proper packages, but you can always download the binaries from the github releases
binary releases, perfect !