C
CrowdSec2mo ago
moriksan

cscli caddy metrics not showing

I have caddy bouncer running on opnsense (freebsd) with crowdsec plugin. Config appears to be okay, as does parsing. But no metrics regarding caddy bouncer are showing up. cscli explain of a sample line from caddy's log is attached. s02-enrich detects crowdsecurity/http-crawl-non_statics scenario. But i don't see a corresponding bouncer entry or pf entry blocking this ip. Caddy plugin config has the following global options: 
    "crowdsec": {
      "api_key": "some_key",
      "api_url": "http://192.168.0.1:8080/",
      "enable_hard_fails": false,
      "enable_streaming": true,
      "ticker_interval": "15s"
    }
    "crowdsec": {
      "api_key": "some_key",
      "api_url": "http://192.168.0.1:8080/",
      "enable_hard_fails": false,
      "enable_streaming": true,
      "ticker_interval": "15s"
    }
caddy and crowdsec appear to work fine. diagnostics commands below. cscli versions are below: 
version: v1.6.9-40b8cfe6
Codename: alphaga
BuildDate: 2025-07-10_04:15:59
GoVersion: 1.24.4
Platform: freebsd
libre2: C++
User-Agent: crowdsec/v1.6.9-40b8cfe6-freebsd
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0
Built-in optional components: cscli_setup, datasource_appsec, datasource_cloudwatch, datasource_docker, datasource_file, datasource_http, datasource_journalctl, datasource_k8s-audit, datasource_kafka, datasource_kinesis, datasource_loki, datasource_s3, datasource_syslog, datasource_victorialogs, datasource_wineventlog
version: v1.6.9-40b8cfe6
Codename: alphaga
BuildDate: 2025-07-10_04:15:59
GoVersion: 1.24.4
Platform: freebsd
libre2: C++
User-Agent: crowdsec/v1.6.9-40b8cfe6-freebsd
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0
Built-in optional components: cscli_setup, datasource_appsec, datasource_cloudwatch, datasource_docker, datasource_file, datasource_http, datasource_journalctl, datasource_k8s-audit, datasource_kafka, datasource_kinesis, datasource_loki, datasource_s3, datasource_syslog, datasource_victorialogs, datasource_wineventlog

message.txt

6 Replies
CrowdSec
CrowdSec2mo ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
moriksan
moriksanOP2mo ago
blotus
blotus2mo ago
cscli explain will tell you if a given log line has matched a scenario, but this does not mean that a decision would have been taken: most scenarios requires multiple matches. Looking at what you pasted, looks like the bouncer is queyring crowdsec properly. If you want to test, you can add manual decision on your IP cscli decisions add -i <your_ip> -d 1m: this will ban you for 1 minute. Then you can try to access your app and confirm that you are blocked (it may take up to 10s for the bouncer to apply the decision)
moriksan
moriksanOP2mo ago
thank you @blotus for taking the time to look into my query, and respond w/ your guidance. I had forgotten to mention that self-banning does work i.e manual decision isn't an issue. Perhaps i don't understand enough about how and where bouncers send stats for cscli to recognize/pickup. Also, because cscli metrics show bouncers isn't returning any stats, does it mean the bouncer isn't working properly? I don't see error messages in crowdsec logs which could be indicative of a parsing problem. Also, I don't see any decisions coming off of crwodsec's analysis nor any specific bans once caddy log indcates e.g. a http-backdoor-attempt.
Loz
Loz2mo ago
I believe that Caddy metrics is currently still work in progress. It'd be best to check out the repository and any issues that may be still open. I think I created one on there.
moriksan
moriksanOP2mo ago
as i have it setup and working, should i be of any help in capturing necessary logs and such, i'll be happy to contribute.

Did you find this page helpful?