C
CrowdSec3w ago
joshward9182

Collection Not Banning

I'm just getting into Crowdsec and installed on my Unraid server, with Traefik as my reverse proxy. I followed an Ibracorp tutorial for help. Multiple collections don't seem to be parsing the logs correctly. One example being LePresidente/overseerr-logs. I have tried an incorrect login attempt, while on VPN & Private browsing. I see the attempt in the logs correctly, it matches the patterns in the overseerr-logs parser, but the metrics don't show it as parsed. I'm monitoring them directly with the Docker socket, and the 'lines read' does increase appropriately. What should I be focussing my attention to for debugging?
No description
No description
3 Replies
joshward9182
joshward9182OP3w ago
Note: I had a separate attempt (no screenshots) where I tried lots of bad logins in a short space of time and did not get banned. This is what alerted my attention to a problem, initially.
iiamloz
iiamloz3w ago
hmm I dont know if its your terminal that is displaying error/info as colors, or is it them outputing terminal colors, if so it might be the same as https://github.com/crowdsecurity/hub/issues/1430
joshward9182
joshward9182OP3d ago
Thank you for getting back to me. (Sorry for the late reply, I think Discord was stopping me?) This wasn't my issue but the process described gave me some ideas of things to check (using the explain command). I misunderstood how to use the docker source in the acquis.yaml. I thought I could do the following: 
source: docker
container_name:
  - overseerr
  - immich
labels:
  type: docker
source: docker
container_name:
  - overseerr
  - immich
labels:
  type: docker
Fixed it to the following, which yielded the expected behaviour: 
source: docker
container_name:
 - overseerr
labels:
  type: overseerr
---
source: docker
container_name:
 - immich
labels:
  type: immich
source: docker
container_name:
 - overseerr
labels:
  type: overseerr
---
source: docker
container_name:
 - immich
labels:
  type: immich

Did you find this page helpful?