Upgrade to -> 22.7 Crowdsec not working.

Started by I3iker, August 04, 2022, 10:18:40 PM

Hello

After an upgrade to 22.7 my crowdsec config is not working anymore.
I have searched for all kinds of solutions but nothing works for me.
I have uninstalled all packages, deleted the db.
On a fresh install of OPNsense and an older version I have no problems.

tail /var/log/crowdsec/crowdsec.log -> I have changed the port but this does not help either; there is always one thing, the bouncer or the agent, that doesn't come up.



time="04-08-2022 22:05:13" level=fatal msg="starting outputs error : authenticate watcher : Post \"http://127.0.0.1:8080/v1/watchers/login\": could not get jwt token: Post \"http://127.0.0.1:8080/v1/watchers/login\": read tcp 127.0.0.1:11216->127.0.0.1:8080: read: connection reset by peer"


THX for the Support.


August 05, 2022, 02:04:21 PM #1 Last Edit: August 05, 2022, 02:05:59 PM by mmetc
Hi!

The agent (which is half of crowdsec) is trying to connect to the LAPI (the other half) and failing.

When you removed the db without also removing local_api_credentials.yaml, you caused a password mismatch.


I suppose you want agent and LAPI both on the same machine.

In this case, verify that:

- you have os-crowdsec 1.0 and not os-crowdsec-devel
- the settings have the following default values:

Y - Enable CrowdSec (IDS)
Y - Enable LAPI
Y - Enable Firewall Bouncer (IPS)
N - Manual LAPI configuration

LAPI listen address: 127.0.0.1
LAPI listen port: 8080

You can apply these and see if it works.

If it doesn't and you can reinstall: remove the plugin, check that the packages crowdsec and crowdsec-firewall-bouncer have been removed, then delete by hand /var/db/crowdsec, /usr/local/etc/crowdsec before reinstalling again.

If you don't want to reinstall you can remove the machine, remove login and password from /usr/local/etc/crowdsec/local_api_credentials.yaml and restart the services, that should fix it but I have not tried.

If your LAPI is on a different machine, you should follow the directions in https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec_opnsense


Let me know..



Hello mmetc,

I tried all your settings but it doesn't come up :(
The strange thing is that when I uninstall everything via the CLI and install it again, it says that the firewall bouncer is already installed, but I double-checked and it isn't.
I have deleted all files and folders I found.
Maybe some packages from the bouncer are on the system that I didn't find.
Any ideas?

bg

level=error msg="auth-api: auth with api key failed return nil response, error: read tcp 127.0.0.1:27107->127.0.0.1:8080: read: connection reset by peer"

AHH I am an idiot ;D

@mmetc
FYI: My problem was the Anti DDOS. Syn and Cookies were on.
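
An added example, not written by any poster in this thread and not CrowdSec project code: a Python probe that repeats the agent's POST to /v1/watchers/login and reports whether the failure is at the transport layer (as in the "connection reset by peer" lines above, where no credentials are ever evaluated) or a credential rejection (the db / local_api_credentials.yaml mismatch). The JSON field names machine_id and password, the flat key: value layout of the credentials file, and 401/403 as the rejection codes are assumptions.

```python
"""Probe the LAPI watcher login: transport failure or credential failure?"""
import http.client
import json
import re
import sys
from urllib.parse import urlsplit

# Path taken from the thread; the flat "key: value" layout is an assumption.
CREDS_FILE = "/usr/local/etc/crowdsec/local_api_credentials.yaml"

def read_credentials(text):
    """Pull url, login and password out of the credentials file text."""
    creds = {}
    for line in text.splitlines():
        m = re.match(r"\s*(url|login|password)\s*:\s*(.*?)\s*$", line)
        if m:
            creds[m.group(1)] = m.group(2).strip("'\"")
    return creds

def classify(status=None, error=None):
    """Map a probe outcome to the layer that failed."""
    if error is not None:
        # Refused, reset or timed out: no HTTP reply, so the password was never checked.
        return "transport"
    if status == 200:
        return "ok"
    if status in (401, 403):  # assumption: LAPI rejects a bad login with one of these
        return "credentials"
    return "unexpected"

def probe_login(url, login, password, timeout=5):
    """Send the same POST the agent makes to /v1/watchers/login."""
    target = urlsplit(url)
    body = json.dumps({"machine_id": login, "password": password}).encode()
    conn = http.client.HTTPConnection(target.hostname, target.port or 80, timeout=timeout)
    try:
        conn.request("POST", "/v1/watchers/login", body,
                     {"Content-Type": "application/json"})
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        return classify(error=exc), repr(exc)
    finally:
        conn.close()
    return classify(status=status), status

if __name__ == "__main__":
    with open(sys.argv[1] if len(sys.argv) > 1 else CREDS_FILE) as fh:
        c = read_credentials(fh.read())
    print(probe_login(c["url"], c["login"], c["password"]))
```

A "transport" result points at the listener or at packet filtering on the loopback path; only a "credentials" result justifies removing the db and credentials file.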

Quote from: mmetc on August 05, 2022, 02:04:21 PM
If you don't want to reinstall you can remove the machine, remove login and password from /usr/local/etc/crowdsec/local_api_credentials.yaml and restart the services, that should fix it but I have not tried.
This way didn't work, but the removal of the db and config folder worked, thanks.

This plugin and ntopng are high maintenance, and sort of unreliable. The crowdsec GUI also always lies that everything is OK. The alias is getting empty; I have a scheduled task to restart crowdsec every few hours. I thought I was out of the woods, and stopped the months-long stressful watching, but today I noticed the blocklist is again empty. Checked the logs, and it didn't load for 2 months! I don't know why, but I've also got the same issue here.

Quote from: 36thchamber on May 24, 2024, 05:45:29 AM
Quote from: mmetc on August 05, 2022, 02:04:21 PM
If you don't want to reinstall you can remove the machine, remove login and password from /usr/local/etc/crowdsec/local_api_credentials.yaml and restart the services, that should fix it but I have not tried.
This way didn't work, but the removal of the db and config folder worked, thanks.

This plugin and ntopng are high maintenance, and sort of unreliable. The crowdsec GUI also always lies that everything is OK. The alias is getting empty; I have a scheduled task to restart crowdsec every few hours. I thought I was out of the woods, and stopped the months-long stressful watching, but today I noticed the blocklist is again empty. Checked the logs, and it didn't load for 2 months! I don't know why, but I've also got the same issue here.

Hi, if you are running the latest version could you please send to support@crowdsec.net:

- the result of "cscli support dump"
- the content of /var/log/crowdsec
- the output of "sed -n '/<crowdsec>/,/<\/crowdsec>/p' /conf/config.xml"

I'd like to get to the bottom of this, thanks!

Thanks, let me reproduce it. Initially I watched it for a few months, and then applied a script, and now I turn it off to see if it's still the case.