"Quote from: irrenarzt on June 12, 2025, 04:27:08 PMWhat country is CrowdSec running in? It's odd that this wasn't a problem up until today.
As far as the open source engine is concerned, Ireland.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
25.1, 25.4 Series / Re: CrowdSec not starting in 25.1.8_1
June 12, 2025, 05:32:11 PMAs far as the open source engine is concerned, Ireland.
#2
25.1, 25.4 Series / Re: CrowdSec not starting in 25.1.8_1
June 12, 2025, 05:11:47 PMQuote from: irrenarzt on June 12, 2025, 03:56:07 PMI can't get CrowdSec services to run after the update, and I see someone else reported the same issue on Reddit.
Error configd.py Timeout (120) executing : crowdsec decisions-list
Error configd.py Timeout (120) executing : crowdsec alerts-list
I'm also seeing other report no issues. Any ideas?
Hi, I am the maintainer of the plugin and can't replicate the issue.
Could you please run
# cscli support dump
and send us the resulting file at support@crowdsec.net? It will send part of the configuration and some logs, nothing sensitive.
Also let me know if "cscli hub update" and "cscli hub upgrade" work without errors.
Thanks!
#3
25.1, 25.4 Series / Re: CrowdSec Starting and Stopping
March 07, 2025, 10:44:13 AM
Hi,
this is a custom scenario you made, so I can't exactly replicate. Can you send the content of scenario.yaml to support@crowdsec.net? Attaching the output of "cscli support dump" can help as well. Thanks!
this is a custom scenario you made, so I can't exactly replicate. Can you send the content of scenario.yaml to support@crowdsec.net? Attaching the output of "cscli support dump" can help as well. Thanks!
#4
25.1, 25.4 Series / Re: CrowdSec Starting and Stopping
March 06, 2025, 09:59:25 AM
Hello,
the way to debug the issue is to look for the reason in /var/log/crowdsec/crowdsec.log
if you still don't see why it would restart, you can run "cscli support dump" and send the resulting file to support@crowdsec.net
the way to debug the issue is to look for the reason in /var/log/crowdsec/crowdsec.log
if you still don't see why it would restart, you can run "cscli support dump" and send the resulting file to support@crowdsec.net
#5
24.7, 24.10 Series / Re: Crowdsec quits with new update
January 20, 2025, 04:52:59 PM
Hi, I'm the plugin maintainer and was not able to reproduce the behavior.
If you had issues with the service start/stop during the package upgrade or at any other time, it would help if you run "cscli support dump" and send the output to support@crowdsec.net. It includes log files and part of the configuration (passwords removed ofc).
A look at that could also explain the initial errors of "cscli ... list", due to the service not running.
Thanks!
If you had issues with the service start/stop during the package upgrade or at any other time, it would help if you run "cscli support dump" and send the output to support@crowdsec.net. It includes log files and part of the configuration (passwords removed ofc).
A look at that could also explain the initial errors of "cscli ... list", due to the service not running.
Thanks!
#6
24.7, 24.10 Series / Re: Monit alert - Resource limit matched
October 08, 2024, 03:57:43 PM
You can find the official crowdsec thread on this issue here:
https://discourse.crowdsec.net/t/bug-opnsense-24-7-5-crowdsec-1-6-3/2057
https://discourse.crowdsec.net/t/bug-opnsense-24-7-5-crowdsec-1-6-3/2057
#7
24.7, 24.10 Series / Re: Monit alert - Resource limit matched
October 08, 2024, 03:55:27 PMQuote from: anym001 on October 08, 2024, 02:50:35 PM
I have executed the command "killall crowdsec".
12834 of 13158 are processes by the name "notification-*".
How can I stop these processes?
"kill 12834" and keep the most recent.
Quote
Why does this problem occur?
tl;dr my fault, longer version: each freebsd package does service management in a slightly different way: start, stop, restart if error but not too often, reload configuration, coordinate process groups... there is no unified way to express the application's needs, like the - admittedly not universally popular - systemd system in linux. Which means it requires more scripts to manage corner cases, and more room for errors.
#8
24.7, 24.10 Series / Re: Monit alert - Resource limit matched
October 08, 2024, 02:41:17 PMQuote from: anym001 on October 08, 2024, 10:09:23 AMQuote from: mmetc on October 08, 2024, 09:13:08 AMThank you for the information.Quote from: anym001 on October 07, 2024, 04:21:13 PMQuote from: mmetc on October 07, 2024, 03:34:24 PM
Hi,
could you test this
# fetch -o /usr/local/etc/rc.d/crowdsec https://github.com/crowdsecurity/plugins/releases/download/crowdsec-1.6.3-2-hotfix/crowdsec
and try start/stop.
Thanks
Do I have to use an additional command to install the hotfix?
I suspect that the update did not work. (Screenshots attached)
No it's ok. The fetch command overwrites a script without installing a new package version. Now if you click start/stop from the UI it should just work.
I have noticed that the service can be stopped via the GUI. (Visible because service status is deactivated in the crowdsec overview)
However, the service is displayed as active in the dashboard and in the overview of services.
You have orphan crowdsec processes and possibly notification plugins.
"killall crowdsec" and check if there are processes that go by the name "notification-*"
#9
24.7, 24.10 Series / Re: Monit alert - Resource limit matched
October 08, 2024, 09:13:08 AMQuote from: anym001 on October 07, 2024, 04:21:13 PMQuote from: mmetc on October 07, 2024, 03:34:24 PM
Hi,
could you test this
# fetch -o /usr/local/etc/rc.d/crowdsec https://github.com/crowdsecurity/plugins/releases/download/crowdsec-1.6.3-2-hotfix/crowdsec
and try start/stop.
Thanks
Do I have to use an additional command to install the hotfix?
I suspect that the update did not work. (Screenshots attached)
No it's ok. The fetch command overwrites a script without installing a new package version. Now if you click start/stop from the UI it should just work.
#10
24.7, 24.10 Series / Re: Monit alert - Resource limit matched
October 07, 2024, 03:34:24 PM
Hi,
could you test this
# fetch -o /usr/local/etc/rc.d/crowdsec https://github.com/crowdsecurity/plugins/releases/download/crowdsec-1.6.3-2-hotfix/crowdsec
and try start/stop.
Thanks
could you test this
# fetch -o /usr/local/etc/rc.d/crowdsec https://github.com/crowdsecurity/plugins/releases/download/crowdsec-1.6.3-2-hotfix/crowdsec
and try start/stop.
Thanks
#11
24.7, 24.10 Series / Re: Monit alert - Resource limit matched
October 07, 2024, 09:44:55 AM
Hi, crowdsec maintainer here
First thing, the daemon manager had an issue and ignored the INT signal sometimes, in this case the upgrade tries to stop the service and fails.
root 40599 4.0 6.8 1390784 104344 - S 09:38 0:01.64 /usr/local/bin/crowdsec -c /usr/local/etc/crowdsec/config.yaml
root 40515 0.0 0.1 12736 2164 - Ss 09:38 0:00.00 daemon: crowdsec[40599] (daemon)
terminate the second process (kill -9 40515) and upgrade to 1.6.3. This changes the script to send a "stronger" signal to stop the process.
Now to understand why it happened, it would be helpful if you could run "cscli support dump" and send the result to support@crowdsec.net. Let us know if, after the upgrade, you still think crowdsec uses too much cpu or ram. It's not a lightweight process but it should not trigger monitoring.
Thanks
First thing, the daemon manager had an issue and ignored the INT signal sometimes, in this case the upgrade tries to stop the service and fails.
root 40599 4.0 6.8 1390784 104344 - S 09:38 0:01.64 /usr/local/bin/crowdsec -c /usr/local/etc/crowdsec/config.yaml
root 40515 0.0 0.1 12736 2164 - Ss 09:38 0:00.00 daemon: crowdsec[40599] (daemon)
terminate the second process (kill -9 40515) and upgrade to 1.6.3. This changes the script to send a "stronger" signal to stop the process.
Now to understand why it happened, it would be helpful if you could run "cscli support dump" and send the result to support@crowdsec.net. Let us know if, after the upgrade, you still think crowdsec uses too much cpu or ram. It's not a lightweight process but it should not trigger monitoring.
Thanks
#12
24.7, 24.10 Series / Re: click on menu item: system-firmware-status -> OPNsense reboots immediately
October 02, 2024, 09:29:36 PM
Hi, I'm the plugin maintainer
This can happen with 1.6.2 when crowdsec is misbehaving for other reasons (possibly misconfigured, port not available etc) then the daemon manager won't stop it correctly because it's stuck in a restart loop. The opnsense upgrade should install 1.6.3 which fixed the issue by using a "stronger" signal to terminate the daemon manager.
I suggest kill -9, or even the broader
```
# kill -9 `ps xw | grep crowdsec | grep -v grep | awk '{print $1'}`
```
then update to 1.6.3, but should happen with the opnsense upgrade
If there is an underlying issue preventing crowdsec from working correctly, the most "complete" way to report it is via "cscli support dump" and email the resulting file to support@crowdsec.net. This includes logs and part of the configuration so it saves us time asking for details.
This can happen with 1.6.2 when crowdsec is misbehaving for other reasons (possibly misconfigured, port not available etc) then the daemon manager won't stop it correctly because it's stuck in a restart loop. The opnsense upgrade should install 1.6.3 which fixed the issue by using a "stronger" signal to terminate the daemon manager.
I suggest kill -9, or even the broader
```
# kill -9 `ps xw | grep crowdsec | grep -v grep | awk '{print $1'}`
```
then update to 1.6.3, but should happen with the opnsense upgrade
If there is an underlying issue preventing crowdsec from working correctly, the most "complete" way to report it is via "cscli support dump" and email the resulting file to support@crowdsec.net. This includes logs and part of the configuration so it saves us time asking for details.
#13
Intrusion Detection and Prevention / Re: crowdsec firewall bouncer does not start - pfctl crowdsec-blacklists not exist
June 05, 2024, 04:49:42 PMQuote from: luckylinux on June 05, 2024, 02:44:11 PM
Now indeed in OPNSense -> Services -> CrowdSec -> Overview it's indeed better:
Service status: crowdsec [tick / success] - firewall bouncer [tick / success]
But it's still unclear to me why this happens on a stock Install ... and for how long it would even work ???.
If there's no error in the reconfigure event, it should keep working. I don't see why it failed the first time.
#14
Intrusion Detection and Prevention / Re: crowdsec firewall bouncer does not start - pfctl crowdsec-blacklists not exist
June 05, 2024, 04:47:27 PMQuote from: cookiemonster on June 05, 2024, 02:33:44 PM
ha ha no. I meant discord. You missed my subsequent post :)
Frankly no idea which one is meant to be the official place for support requests. I hope it is Github.
Discord or Reddit are good for interactive or non-technical support, GitHub for better follow up.
#15
Intrusion Detection and Prevention / Re: crowdsec firewall bouncer does not start - pfctl crowdsec-blacklists not exist
June 05, 2024, 01:52:20 PMQuote from: cookiemonster on June 05, 2024, 10:45:49 AM
sometimes the crowdsec people respond here but best to report directly. They seem to be active on their online thingie that I can't remember what is called.
Maybe you mean GitHub? :)
