No decisions and no alerts in the console

I have a problem with a server setup as it does not show any decisions made nor does it show any alerts on the console. Please see the attached text for a full description of the situation. Thanks in advance for any help offered.
5 Replies
CrowdSec 2mo ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
_KaszpiR_ 2mo ago
There is no attached text
Paul Carton (OP) 2mo ago
@KaszpiR Sorry, I'm very new to Discord (or any such programme) so please bear with me if I don't get things right the first time round. The file should now be attached.
iiamloz 2mo ago
So you have these parsers installed
crowdsecurity/dateparse-enrich ✔️ enabled 0.2 /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
crowdsecurity/geoip-enrich ✔️ enabled 0.5 /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
crowdsecurity/public-dns-allowlist ✔️ enabled 0.1 /etc/crowdsec/parsers/s02-enrich/public-dns-allowlist.yaml
crowdsecurity/sshd-logs ✔️ enabled 3.0 /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml
crowdsecurity/syslog-logs ✔️ enabled 0.8 /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml
crowdsecurity/whitelists ✔️ enabled 0.3 /etc/crowdsec/parsers/s02-enrich/whitelists.yaml
You mention jellyfin above but it seems crowdsec isn't configured to monitor this resource, or at least your reverse proxy if you have one. We have a post installation guide about acquisitions https://docs.crowdsec.net/u/getting_started/post_installation/acquisition which is the part which informs crowdsec where to find the log sources. If you have already done this and they are not showing up, it could be that the log files are mounted via an NFS share, in which case you will also need to add this configuration attribute to switch from inotify to manual polling: https://docs.crowdsec.net/docs/next/log_processor/data_sources/file#poll_without_inotify
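The acquisition setup described in the reply above, as an added example that is not part of the original post or CrowdSec's own documentation. The file name, both log paths and the `type: jellyfin` label are assumptions; the label has to match the filter of a parser that is actually installed, and the parser list above shows only syslog and sshd parsers.

```yaml
# /etc/crowdsec/acquis.d/jellyfin.yaml
# (assumed file name; acquis.d is the default acquisition directory)

# Case 1: log files on a local filesystem.
# The file data source tails them using inotify by default.
source: file
filenames:
  - /var/log/jellyfin/*.log      # assumed path; use the directory Jellyfin really writes to
labels:
  type: jellyfin                 # assumed; must match an installed parser's filter,
                                 # otherwise lines are read but never parsed
---
# Case 2: the same logs reached through an NFS mount.
# inotify does not report writes made by another host, so the
# data source is switched to polling the files instead.
source: file
filenames:
  - /mnt/nfs/jellyfin/log/*.log  # constructed example path
labels:
  type: jellyfin
poll_without_inotify: true
```

After restarting the crowdsec service, `cscli metrics` shows per source how many lines were read, parsed and unparsed, which separates an acquisition problem (source missing or zero lines read) from a parser problem (lines read but all unparsed).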
Paul Carton (OP) 2mo ago
Hi Loz, thank you very much for looking at this for me, I appreciate your assistance very much. I had set up all my servers behind an nginx reverse proxy (running on a separate LXC container on my PVE) in the past and never got crowdsec going at all. It never showed any activity nor decisions and all was set up according to the instructions on the crowdsec site. I always thought that the problem was with my setup, or the Proxmox VE, or my dynamic DNS server or maybe even my Fritz!Box so I sort of just accepted that it didn't work. That was until I set up the new nginx proxy as per the instructions from Zoey (https://www.crowdsec.net/blog/web-server-security-with-npmplus-and-crowdsec) which I set up in an LXC container on my Proxmox VE and... everything worked fine for this server. Traffic and logs were being parsed and activity and decisions were being passed on to the console. It didn't matter that the nginxplus server was in an LXC container; neither the Proxmox VE, nor the Fritz!Box, nor the dynamic DNS service were blocking any traffic and the console was counting all the activity and decisions. This was an eye-opener for me. In the meantime I have tried to set up crowdsec on the Proxmox VE itself, on my nextcloud server and on the jellyfin server, none of which worked, and all the log files are locally on the LXC containers, none mounted over a share or NAS. I followed all the instructions on the crowdsec site and when it comes to the post-installation checks, nothing works, all the challenges are not recorded and absolutely nothing happens. I am simply extremely frustrated. I have tried all the suggestions I could glean from the crowdsec site, the internet at large and every "How-To" on YouTube and everywhere else I could find and nothing, really nothing worked for any of the servers I set up, with the exception of the nginxplus server from Zoey. So I don't really know what to say other than I will start all over again and try it again from scratch.