24.1 Legacy Series / Re: Crowdsec Daemon is stopping at 1am (sometimes)
« on: March 08, 2024, 07:23:32 pm »
Every day I see the dashboard service status turn to a red play button. Upon clicking it, the service starts back up and runs fine for that day.
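I'm not sure what other logs I can check, but like others have said, I can't seem to find it crashing in any logs. It just turns off until I start it again. In the excerpts below, the last entries before the gap are GeoIP (MaxMind DB) decode errors from the crowdsecurity/geoip-enrich parser at about 01:19–01:20, and nothing further is logged until the startup messages at 12:14.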
/var/log/crowdsec/crowdsec.log
time="2024-03-08T01:19:14-05:00" level=error msg="Failed to fetch network for 194.26.135.250 : the MaxMind DB file's data section contains bad data (float 64 size of 19)" id=morning-snow method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:19:34-05:00" level=error msg="Unable to enrich ip '167.94.145.90'" id=morning-snow method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:19:34-05:00" level=error msg="Failed to fetch network for 167.94.145.90 : unexpected type when decoding string: 79" id=morning-snow method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:19:51-05:00" level=error msg="Unable to enrich ip '109.205.213.22'" id=morning-snow method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:19:51-05:00" level=error msg="Failed to fetch network for 109.205.213.22 : the MaxMind DB file's data section contains bad data (float 64 size of 20)" id=morning-snow method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:20:06-05:00" level=error msg="Unable to enrich ip '109.205.213.22'" id=morning-snow method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:20:06-05:00" level=error msg="Failed to fetch network for 109.205.213.22 : the MaxMind DB file's data section contains bad data (float 64 size of 20)" id=morning-snow method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T12:14:30-05:00" level=warning msg="You are using sqlite without WAL, this can have a performance impact. If you do not store the database in a network share, set db_config.use_wal to true. Set explicitly to false to disable this warning."
time="2024-03-08T12:14:30-05:00" level=info msg="Enabled feature flags: <none>"
time="2024-03-08T12:14:30-05:00" level=info msg="Crowdsec v1.6.0-freebsd-4b8e6cd7"
time="2024-03-08T12:14:30-05:00" level=info msg="Loading prometheus collectors"
time="2024-03-08T12:14:30-05:00" level=info msg="Loading CAPI manager"
time="2024-03-08T12:14:30-05:00" level=info msg="flushed 6/33 alerts because they were created 7d ago or more"
time="2024-03-08T12:14:31-05:00" level=info msg="CAPI manager configured successfully"
time="2024-03-08T12:14:31-05:00" level=error msg="Machine is not enrolled in the console, can't synchronize with the console"
time="2024-03-08T12:14:31-05:00" level=info msg="Start push to CrowdSec Central API (interval: 11s once, then 10s)"
time="2024-03-08T12:14:31-05:00" level=info msg="CrowdSec Local API listening on 127.0.0.1:8080"
time="2024-03-08T12:14:31-05:00" level=info msg="Start sending metrics to CrowdSec Central API (interval: 17m52s once, then 30m0s)"
time="2024-03-08T12:14:31-05:00" level=info msg="capi metrics: sending"
time="2024-03-08T12:14:31-05:00" level=info msg="Loading grok library /usr/local/etc/crowdsec/patterns"
time="2024-03-08T12:14:31-05:00" level=info msg="Starting community-blocklist update"
/var/log/crowdsec/crowdsec_api.log
time="2024-03-08T01:19:21-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:19:21 EST] \"GET /v1/decisions/stream HTTP/1.1 200 19.186703ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T01:19:31-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:19:31 EST] \"GET /v1/decisions/stream HTTP/1.1 200 20.377403ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T01:19:41-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:19:41 EST] \"GET /v1/decisions/stream HTTP/1.1 200 19.258695ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T01:19:51-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:19:51 EST] \"GET /v1/decisions/stream HTTP/1.1 200 39.013967ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T01:20:01-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:20:01 EST] \"GET /v1/decisions/stream HTTP/1.1 200 25.659197ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T12:14:31-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 12:14:31 EST] \"POST /v1/watchers/login HTTP/1.1 200 54.670453ms \"crowdsec/v1.6.0-freebsd-4b8e6cd7\" \""
time="2024-03-08T12:14:45-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 12:14:45 EST] \"GET /v1/decisions/stream HTTP/1.1 200 224.060551ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T12:14:45-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 12:14:45 EST] \"GET /v1/decisions/stream HTTP/1.1 200 15.971222ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T12:14:50-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 12:14:50 EST] \"GET /v1/decisions/stream HTTP/1.1 200 14.849763ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
I'm not sure what other logs I can check, but like others have said, I can't seem to find it crashing in any logs. It just turns off until I start it again.
/var/log/crowdsec/crowdsec.log
time="2024-03-08T01:19:14-05:00" level=error msg="Failed to fetch network for 194.26.135.250 : the MaxMind DB file's data section contains bad data (float 64 size of 19)" id=morning-snow method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:19:34-05:00" level=error msg="Unable to enrich ip '167.94.145.90'" id=morning-snow method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:19:34-05:00" level=error msg="Failed to fetch network for 167.94.145.90 : unexpected type when decoding string: 79" id=morning-snow method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:19:51-05:00" level=error msg="Unable to enrich ip '109.205.213.22'" id=morning-snow method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:19:51-05:00" level=error msg="Failed to fetch network for 109.205.213.22 : the MaxMind DB file's data section contains bad data (float 64 size of 20)" id=morning-snow method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:20:06-05:00" level=error msg="Unable to enrich ip '109.205.213.22'" id=morning-snow method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T01:20:06-05:00" level=error msg="Failed to fetch network for 109.205.213.22 : the MaxMind DB file's data section contains bad data (float 64 size of 20)" id=morning-snow method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-03-08T12:14:30-05:00" level=warning msg="You are using sqlite without WAL, this can have a performance impact. If you do not store the database in a network share, set db_config.use_wal to true. Set explicitly to false to disable this warning."
time="2024-03-08T12:14:30-05:00" level=info msg="Enabled feature flags: <none>"
time="2024-03-08T12:14:30-05:00" level=info msg="Crowdsec v1.6.0-freebsd-4b8e6cd7"
time="2024-03-08T12:14:30-05:00" level=info msg="Loading prometheus collectors"
time="2024-03-08T12:14:30-05:00" level=info msg="Loading CAPI manager"
time="2024-03-08T12:14:30-05:00" level=info msg="flushed 6/33 alerts because they were created 7d ago or more"
time="2024-03-08T12:14:31-05:00" level=info msg="CAPI manager configured successfully"
time="2024-03-08T12:14:31-05:00" level=error msg="Machine is not enrolled in the console, can't synchronize with the console"
time="2024-03-08T12:14:31-05:00" level=info msg="Start push to CrowdSec Central API (interval: 11s once, then 10s)"
time="2024-03-08T12:14:31-05:00" level=info msg="CrowdSec Local API listening on 127.0.0.1:8080"
time="2024-03-08T12:14:31-05:00" level=info msg="Start sending metrics to CrowdSec Central API (interval: 17m52s once, then 30m0s)"
time="2024-03-08T12:14:31-05:00" level=info msg="capi metrics: sending"
time="2024-03-08T12:14:31-05:00" level=info msg="Loading grok library /usr/local/etc/crowdsec/patterns"
time="2024-03-08T12:14:31-05:00" level=info msg="Starting community-blocklist update"
/var/log/crowdsec/crowdsec_api.log
time="2024-03-08T01:19:21-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:19:21 EST] \"GET /v1/decisions/stream HTTP/1.1 200 19.186703ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T01:19:31-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:19:31 EST] \"GET /v1/decisions/stream HTTP/1.1 200 20.377403ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T01:19:41-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:19:41 EST] \"GET /v1/decisions/stream HTTP/1.1 200 19.258695ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T01:19:51-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:19:51 EST] \"GET /v1/decisions/stream HTTP/1.1 200 39.013967ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T01:20:01-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 01:20:01 EST] \"GET /v1/decisions/stream HTTP/1.1 200 25.659197ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T12:14:31-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 12:14:31 EST] \"POST /v1/watchers/login HTTP/1.1 200 54.670453ms \"crowdsec/v1.6.0-freebsd-4b8e6cd7\" \""
time="2024-03-08T12:14:45-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 12:14:45 EST] \"GET /v1/decisions/stream HTTP/1.1 200 224.060551ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T12:14:45-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 12:14:45 EST] \"GET /v1/decisions/stream HTTP/1.1 200 15.971222ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""
time="2024-03-08T12:14:50-05:00" level=info msg="127.0.0.1 - [Fri, 08 Mar 2024 12:14:50 EST] \"GET /v1/decisions/stream HTTP/1.1 200 14.849763ms \"crowdsec-firewall-bouncer/v0.0.28-freebsd-af6e7e2\" \""