Moving to new 25.7 machine how do I preserve my crowdsec configurations - Agents

Started by sparticle, October 04, 2025, 07:14:22 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 04, 2025, 07:14:22 PM
I am moving over to a new machine. Setup OOtB then install all of the plugins from my old installation as importing the config does not install them automatically.

Once rebooted the crowdsec configuration does not seem to work as none of my network crowdsec agents can connect to the opnsense crowdsec lapi.

The setup config seems to have come across fine all of the options are configured exactly as my old opnsense installation.

I really don't want to have to manually go around all of the network servers with the crowdsec agent running and start again.

Are there some crowdsec config files I have to manually bring across from the old installation.

Any help appreciated.
October 06, 2025, 06:01:34 PM #1
Really, no one has experienced this.


When I bring up the new 25.7 instance and import the backed up config. The Crowdsec config looks exactly the same as the old OPNSense system. But the network devices that are running and reporting via the new LAPI connection are not there anymore and are not reported.

Checking on the command line, the network machines don't exist.
October 06, 2025, 06:16:33 PM #2
I did have it on an OPN re-install. Few machines so it was simple to re-register.
Best I can think of is to suggest to ask their channels referenced here: https://docs.crowdsec.net/u/getting_started/health_check
That said and without wanting to lead you astray, from my limited understanding https://doc.crowdsec.net/docs/next/local_api/intro , it needs them re-registering for it to be clean, but for what you want (which I think is reasonable) maybe I can help you compare. My setup is currently working. I suspect (do not actually know) that is not only the config that is needed but a collection of files in the /usr/local/etc/crowdsec/ directory. Maybe you can get away with the same local_api_credentials.yaml if all else is identical. Worth a comparison I think.
October 06, 2025, 11:43:56 PM #3
Hey @cookiemonster many thanks for taking the time to respond I saw that the credentials files were different on the OPNSense old vs new. I will take a look at the docs but I think you might be right and I have to manually re-register all of the network agents! PITA!

For other benefits I will post back here the solution.

Cheers
Print
Go Up Pages1
User actions