Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Lamera
    @Lamera
    Hello together
    I have a question: what is best practice to customize some scenarios?
    When I change some values, then cscli complains about tainted.
    registergoofy
    @registergoofy
    Yes, this is the way it should be done for now: The fact that it's tainted prevent cscli from automatically upgrade it
    jeremief
    @jeremief:matrix.org
    [m]
    Hi , i just join the private beta , for test instance you just lauch the enroll.sh ?
    Thibault "bui" Koechlin
    @buixor
    don't hesitate to comment
    registergoofy
    @registergoofy
    In the future, we plan to allow override of scenarios in order to allow them to be upgraded as bui pointed out
    Lamera
    @Lamera
    Thanks, I'll have a look. :-)
    Lamera
    @Lamera
    I discovered that when using master/slave model the slave instances have a really long time to stop crowdsec.service. Can anybody confirm this behavior?
    Thibault "bui" Koechlin
    @buixor
    I didn't notice that @Lamera. When you're doing like systemctl stop ?
    Lamera
    @Lamera
    yes. systemctl stop crowdsec.service and systemctl restart crowdsec.service.
    systemd has a timeout. i think it hangs until this timeout is reached.
    Thibault "bui" Koechlin
    @buixor
    out of curiosity, which version of crowdsec are you using ? I'll try to reproduce on my end :)
    (and thanks for the report ofc)
    Lamera
    @Lamera
    the version on master and slave is:
    2021/05/20 09:50:20 version: v1.0.13-a19f13ab45a18024ad7ddbf38ef2ff4aadeaaaf5
    2021/05/20 09:50:20 Codename: alphaga
    2021/05/20 09:50:20 BuildDate: 2021-04-27_11:01:18
    2021/05/20 09:50:20 GoVersion: 1.13.15
    2021/05/20 09:50:20 Constraint_parser: >= 1.0, <= 2.0
    2021/05/20 09:50:20 Constraint_scenario: >= 1.0, < 3.0
    2021/05/20 09:50:20 Constraint_api: v1
    2021/05/20 09:50:20 Constraint_acquis: >= 1.0, < 2.0
    Thibault "bui" Koechlin
    @buixor
    thanks, they're communicating over lan ?
    Lamera
    @Lamera
    yes
    when i have a look at the logs, i can see it hangs on this step:
    time="20-05-2021 09:52:36" level=info msg="Killing parser routines"
    time="20-05-2021 09:52:37" level=info msg="Bucket routine exiting"
    Thibault "bui" Koechlin
    @buixor
    would you mind sharing the logs of the slave shutdown ? (you can pm me if you prefer)
    Lamera
    @Lamera
    of course. it's still shutting down xD
    Thibault "bui" Koechlin
    @buixor
    :D
    SKY
    @skyser93
    Hello together!
    I have a question: how to configure the return of crowdsec logs to a specific ip address?
    Thibault "bui" Koechlin
    @buixor
    Hello @skyser93 :)
    Not sure to understand your question tho, what do you want to achieve ? :)
    SKY
    @skyser93
    @buixor we need the crowdsec logs to be sent to SIEM (security information and event management)
    Thibault "bui" Koechlin
    @buixor
    @skyser93 for now crowdsec only support stdout and file media for outputing logs. If you have a rsyslog/syslog on the machine where crowdsec runs you could use imfile, but maybe native syslog output would be best ?
    jeremief
    @jeremief:matrix.org
    [m]
    hi
    on my https://app.crowdsec.net/ not synchronise my instance its normal ?
    Lucas CHERIFI
    @lucascherifi
    HI @jeremief:matrix.org I investigate the problem
    Lucas CHERIFI
    @lucascherifi
    @jeremief:matrix.org it seems that one of your instances has never sent a signal, this is a special case that we need to control. I will keep you posted when this item is dealt with
    jeremief
    @jeremief:matrix.org
    [m]
    Last activity: today at 2:41 PM
    Instance ...vjuo
    settings
    An unexpected error occured while synchronizing your instance. Please contact support.
    Lucas CHERIFI
    @lucascherifi
    @jeremief:matrix.org this should be fixed now
    GuiguiAbloc
    @guiguiabloc

    Hi All ! i've my cs-bouncer-firewall service that crashes unexpectedly :/
    log show :

    time="18-05-2021 17:01:42" level=info msg="deleting '1' decisions" time="18-05-2021 17:29:32" level=info msg="deleting '80' decisions" time="18-05-2021 17:29:32" level=info msg="adding '80' decisions" time="18-05-2021 19:29:32" level=info msg="deleting '80' decisions" time="18-05-2021 19:29:32" level=info msg="adding '80' decisions" time="18-05-2021 21:05:02" level=error msg="auth-api: auth with api key failed return nil response, error: dial tcp 127.0.0.1:8080: connect: connection refused"
    an idea ? :/

    nothing strange in crowdsec.log
    GuiguiAbloc
    @guiguiabloc
    ok fix in 0.0.8, upgrade (i have a dream, a "cscli bouncers upgrade") ;)
    Thibault "bui" Koechlin
    @buixor
    you dream's will soon be true @guiguiabloc : we're (actually @registergoofy ) working on deb/rpm packages for bouncers
    so you can apt-get your way around ;)
    GuiguiAbloc
    @guiguiabloc
    :D nice !
    Ritchie
    @_absolem_gitlab
    Hi @all, I am facing an issue that cs-firewall-bouncer doesn't create the "crowdsec" table in nftables mode. I already posted this issue on discourse.
    Does anyone have an idea why this happens?
    AlteredCoder
    @AlteredCoder
    Hello @_absolem_gitlab
    I send you a private message to debug this
    Piké
    @pike:matrix.hya.sk
    [m]
    Hello Guys,
    First, thanks for your work.
    I am currently looking on how crowdsec could be integrated to my company, and I was wondering on how to setup it with redundancy.
    it's not mentionned on you doc. But setup multiples Local API with the same DB will do the trick ?
    Thibault "bui" Koechlin
    @buixor
    @pike:matrix.hya.sk o/
    I didn't try it first hand, but yes, having multiple local api with the same DB and some LB in front should do the trick
    at least for failover, for concurrency I wouldn't be able to tell
    Piké
    @pike:matrix.hya.sk
    [m]
    Thanks buixor (Thibault "bui" Koechlin) , I will try it
    Thibault "bui" Koechlin
    @buixor
    sure let us know :)
    Piké
    @pike:matrix.hya.sk
    [m]
    of course ;)
    ZeroBS_GmbH
    @zero_B_S_twitter
    @buixor back on track
    Thibault "bui" Koechlin
    @buixor
    @zero_B_S_twitter o/