Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Crowdsec working with other linked machines?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Crowdsec working with other linked machines? (Read 1352 times)
sarkyscouser
Newbie
Posts: 28
Karma: 0
Crowdsec working with other linked machines?
«
on:
January 08, 2024, 08:48:07 am »
I set up the Crowdsec plugin a week or so ago and I connected a docker Crowdsec instance (192.168.1.9 in the screenshot, monitoring caddy, home assistant and journald logs on a linux server) to the OPNSense Crowdsec instance but I'm not convinced that it's working as the last updated was 6 days ago. The external machine has been verified and is registered with crowdsec.net etc.
See the attached screengrab, is this how it's supposed to be?
Both the OPNSense Crowdsec (192.168.1.1) and the linux docker install are both parsing logs based on their cscli metrics but I'm not convinced that the docker Crowdsec is actually influencing the OPNSense bouncer at all and certainly doesn't appear to be updating it?
Logged
cookiemonster
Hero Member
Posts: 1821
Karma: 95
Re: Crowdsec working with other linked machines?
«
Reply #1 on:
January 08, 2024, 10:46:20 am »
Could you restart the crowdsec service from the lobby? Got the feeling it needs this.
Logged
sarkyscouser
Newbie
Posts: 28
Karma: 0
Re: Crowdsec working with other linked machines?
«
Reply #2 on:
January 08, 2024, 10:57:27 am »
OK just tried this, I have restarted the service and the whole router in the last week and it doesn't make a change to the machine statuses sadly. I've also restarted the linux/docker crowdsec instance as well.
Logged
cookiemonster
Hero Member
Posts: 1821
Karma: 95
Re: Crowdsec working with other linked machines?
«
Reply #3 on:
January 08, 2024, 11:01:59 am »
Ok. I had to do just that after re-registering a machine. I could see logs on that side that helped though.
But I don't know if you can go though those logs on your docker thingies side.
Logged
sarkyscouser
Newbie
Posts: 28
Karma: 0
Re: Crowdsec working with other linked machines?
«
Reply #4 on:
January 08, 2024, 11:14:56 am »
I can access the docker logs yes, anything specific I should be looking for? The log is pretty big so just wondering what to search for. I'll restart the container now and watch the log, but it's very verbose so no easy to spot issues.
Do your machine statuses update?
Logged
sarkyscouser
Newbie
Posts: 28
Karma: 0
Re: Crowdsec working with other linked machines?
«
Reply #5 on:
January 08, 2024, 11:21:19 am »
Recreated the docker container, nothing at all in there about connecting to the OPNSense LAPI on 192.168.1.1 no errors or even confirmation that it's connected
Logged
cookiemonster
Hero Member
Posts: 1821
Karma: 95
Re: Crowdsec working with other linked machines?
«
Reply #6 on:
January 08, 2024, 01:27:56 pm »
Hi. This machine is givin me a lot of trouble. It's a VM in proxmox and like right now it has crashed and it seems to bring down the whole node. Very annoying. I can't see logs right now to help more but I remember having to check logs for both the bouncer on it and the crowdsec.log for clues but can't recall now what I did find there if anything.
Later I had to restart the crowdsec service on OPN to get the machine to start syncing again.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Crowdsec working with other linked machines?
