9 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
Its something wrong about my config.yaml?
common:
log_media: stdout
log_level: info
log_dir: /var/log/
config_paths:
config_dir: /etc/crowdsec/
data_dir: /var/lib/crowdsec/data/
simulation_path: /etc/crowdsec/simulation.yaml
hub_dir: /etc/crowdsec/hub/
index_path: /etc/crowdsec/hub/.index.json
notification_dir: /etc/crowdsec/notifications/
plugin_dir: /usr/local/lib/crowdsec/plugins/
crowdsec_service:
acquisition_path: /etc/crowdsec/acquis.yaml
acquisition_dir: /etc/crowdsec/acquis.d
parser_routines: 1
plugin_config:
user: nobody
group: nobody
cscli:
output: human
db_config:
log_level: info
type: sqlite
db_path: /var/lib/crowdsec/data/crowdsec.db
flush:
max_items: 5000
max_age: 7d
use_wal: true
api:
client:
insecure_skip_verify: false
credentials_path: /etc/crowdsec/local_api_credentials.yaml
server:
log_level: info
listen_uri: 0.0.0.0:8080
profiles_path: /etc/crowdsec/profiles.yaml
trusted_ips: # IP ranges, or IPs which can have admin API access
- 127.0.0.1
- ::1
online_client: # Central API credentials (to push signals and receive bad IPs)
credentials_path: /etc/crowdsec//online_api_credentials.yaml
enable: true
cti:
key: ${CTI_API_KEY}
cache_timeout: 60m
cache_size: 50
enabled: true
log_level: debug
prometheus:
enabled: true
level: full
listen_addr: 0.0.0.0
listen_port: 6060
i think until your load is under 4.0 you are fine with your CPU usage
With sqlite it may be an issue with a slow storage, check the sqlite db size
should i move to mariadb for the database?
how do i check how many ip ban in my sqlite db?
These spikes are probably from CrowdSec parsing something, your load is close to 0 so you should be fine.
i see, so no need to switch mariadb too?
it's hard to say without any more information, but most likely no (if anything, it would probably make the CPU usage worse, because then you have an entire database running alongside crowdsec, which is much heavier than sqlite)
Unless you have a lot of different log processors/bouncers hitting LAPI or you are processing a lot of logs per seconds which results in alerts, no need.
CPU spikes can be caused by a lot of things, and the spike themselves will also depends on the type of CPU (a raspberry pie will show much higher usage/spikes than a modern server chip)
i see, thanks for your reply. currently only have 1 bouncer i think should be no problem. idk for now already back to normal might the bouncer already clear the job.