OPNsense Forum

English Forums => General Discussion => Topic started by: sa2023_opn on April 13, 2023, 10:17:18 AM

Title: Crowdsec not starting at boot - even tried on a fresh OPNsense install
Post by: sa2023_opn on April 13, 2023, 10:17:18 AM
After boot is complete - I can easily start it from the GUI.

time="13-04-2023 13:39:18" level=info msg="Adding leaky bucket" cfg=aged-violet file=/usr/local/etc/crowdsec/scenarios/ssh-bf.yaml name=crowdsecurity/ssh-bf
time="13-04-2023 13:39:18" level=info msg="Adding leaky bucket" cfg=old-thunder file=/usr/local/etc/crowdsec/scenarios/ssh-bf.yaml name=crowdsecurity/ssh-bf_user-enum
time="13-04-2023 13:39:18" level=warning msg="Loaded 6 scenarios"
time="13-04-2023 13:39:18" level=info msg="loading acquisition file : /usr/local/etc/crowdsec/acquis.yaml"
time="13-04-2023 13:39:18" level=warning msg="No matching files for pattern /var/log/nginx/*.log" type=file
time="13-04-2023 13:39:18" level=warning msg="No matching files for pattern ./tests/nginx/nginx.log" type=file
time="13-04-2023 13:39:18" level=warning msg="No matching files for pattern /var/log/auth.log" type=file
time="13-04-2023 13:39:18" level=warning msg="No matching files for pattern /var/log/syslog" type=file
time="13-04-2023 13:39:18" level=warning msg="No matching files for pattern /var/log/httpd-access.log" type=file
time="13-04-2023 13:39:18" level=warning msg="No matching files for pattern /var/log/httpd-error.log" type=file
time="13-04-2023 13:39:18" level=info msg="loading acquisition file : /usr/local/etc/crowdsec/acquis.d/opnsense.yaml"
time="13-04-2023 13:39:18" level=info msg="Adding file /var/log/audit/latest.log to datasources" type=file
time="13-04-2023 13:39:18" level=info msg="Adding file /var/log/lighttpd/latest.log to datasources" type=file
time="13-04-2023 13:39:18" level=error msg="Failed to notify(sent: false): <nil>"
time="13-04-2023 13:39:18" level=info msg="Starting processing data"
time="13-04-2023 13:39:18" level=fatal msg="starting outputs error : authenticate watcher (332a7b4ff9c1477e883ba3f3dc2ec2a7GzKMhgd8HfGCJf5F): Post \"http://10.27.27.1:8080/v1/watchers/login\": could not get jwt token: Post \"http://10.27.27.1:8080/v1/watchers/login\": dial tcp 10.27.27.1:8080: connect: permission denied"

Title: Re: Crowdsec not starting at boot - even tried on a fresh OPNsense install
Post by: mmetc on April 13, 2023, 12:35:41 PM
Hello!

Which version of the plugin are you using?

Can you please check from the console "cscli machines list" - and the last heartbeat. If you have only one server, you should see only one machine.

Crowdsec has two parts - a client and a server, in the same executable. They talk through HTTP. The column "name" in machines list should match the login value in /usr/local/etc/crowdsec/local_api_credentials.yaml. If they match, the password is wrong for some reason. Which I'd like to know -- for example in some NAS hardware I've seen the random generator behave in a strange way.

Anyway, you don't need a running crowdsec to reset the password.

# cscli machines delete <machine-id>
# rm /usr/local/etc/crowdsec/local_api_credentials.yaml
# umask 077; cscli machines add --auto

and restart the service. If it still does not work, try providing an explicit password instead of --auto, and let me know.

Title: Re: Crowdsec not starting at boot - even tried on a fresh OPNsense install
Post by: sa2023_opn on April 13, 2023, 03:56:26 PM
Thank you for your reply. I am using version 1.0.2 of os-crowdsec.

I tried all the steps you said including setting the password manually - and restarting the service always works fine without errors. However, the behaviour is still the same after reboot (error log in previous post). This just seems to be a function of something happening at boot.

I also just found this error at boot - don't know if this is causing an issue. Surprisingly it doesn't appear in dmesg, so it was quite challenging to capture it! :)

FATAL13-04-2023 19:03:11] error while setting hub branch: Get "https://version.crowdsec.net/latest": dial tcp: lookup version.crowdsec.net on 8.8.8.8:53: dial udp 8.8.8.8:53: connect: network is unreachable
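
Added example, not part of the thread and not CrowdSec or plugin code: a Python script that parses the two fatal lines quoted in the posts above and reports whether each one failed at the DNS lookup or at the socket connect() step, both of which happen before any HTTP request or credential check. The sample lines are reconstructed from the posts with the watcher id replaced by a placeholder; the function names and the "stage" labels are this example's own.

```python
import re

# Constructed sample input: the fatal lines quoted in the thread, with the
# watcher id replaced by a placeholder, plus one non-fatal line.
SAMPLE = [
    'time="13-04-2023 13:39:18" level=info msg="Starting processing data"',
    'time="13-04-2023 13:39:18" level=fatal msg="starting outputs error : '
    'authenticate watcher (<machine-id>): Post '
    '\\"http://10.27.27.1:8080/v1/watchers/login\\": could not get jwt token: '
    'Post \\"http://10.27.27.1:8080/v1/watchers/login\\": '
    'dial tcp 10.27.27.1:8080: connect: permission denied"',
    'FATAL13-04-2023 19:03:11] error while setting hub branch: Get '
    '"https://version.crowdsec.net/latest": dial tcp: lookup '
    'version.crowdsec.net on 8.8.8.8:53: dial udp 8.8.8.8:53: connect: '
    'network is unreachable',
]

PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')   # logfmt key=value
DIAL = re.compile(r'dial (tcp|udp) (\S+): connect: (.+)$')  # Go net dial error
LOOKUP = re.compile(r'lookup (\S+) on (\S+):')              # Go resolver error

def parse_line(line):
    """Return (level, msg) from a logfmt line or from the console FATA... form."""
    fields = {m[1]: m[2] if m[2] is not None else m[3] for m in PAIR.finditer(line)}
    if "level" in fields and "msg" in fields:
        return fields["level"], fields["msg"].replace('\\"', '"')
    if line.startswith("FATA") and "] " in line:
        return "fatal", line.split("] ", 1)[1]
    return None, line

def classify(line):
    """Say at which stage a fatal line failed; None for non-fatal lines."""
    level, msg = parse_line(line)
    if level != "fatal":
        return None
    dial = DIAL.search(msg)
    if not dial:
        return {"stage": "other", "detail": msg}
    lookup = LOOKUP.search(msg)
    return {
        "stage": "dns" if lookup else "connect",
        "proto": dial[1], "peer": dial[2], "errno": dial[3],
        "host": lookup[1] if lookup else None,
    }

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```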