search

crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
8.88k stars 460 forks source link

crashed : interface conversion: interface {} is nil, not parser.GeoIpEnricherCtxBug/crowdsec/runParse: #1049

Closed fmarier closed 2 years ago

fmarier commented 2 years ago

Describe the bug I see the following in my logs when I run systemctl start crowdsec.service on Debian bullseye:

time="12-11-2021 06:28:58" level=warning msg="Starting processing data"
time="12-11-2021 06:28:59" level=info msg="pull top: added 65 entries"
time="12-11-2021 06:28:59" level=error msg="crowdsec - goroutine crowdsec/runParse crashed : interface conversion: interface {} is nil, not parser.GeoIpEnricherCtx"
time="12-11-2021 06:28:59" level=error msg="please report this error to https://github.com/crowdsecurity/crowdsec/"
time="12-11-2021 06:28:59" level=error msg="stacktrace/report is written to /tmp/crowdsec-crash.548920771.txt : please join it to your issue"
time="12-11-2021 06:28:59" level=fatal msg="crowdsec stopped"

Technical Information (please complete the following information):

Additional context

$ cat /tmp/crowdsec-crash.548920771.txt
version: 1.0.9-2+b4-debian
Codename: alphaga
BuildDate: 2021-08-04_20:01:32
GoVersion: 1.15.9
goroutine 134 [running]:
runtime/debug.Stack(0xc0008b22d0, 0xc0008d8120, 0x5e)
    runtime/debug/stack.go:24 +0x9f
github.com/crowdsecurity/crowdsec/pkg/types.CatchPanic(0x12942e6, 0x11)
    github.com/crowdsecurity/crowdsec/pkg/types/utils.go:100 +0x238
panic(0x11879c0, 0xc0008ecc90)
    runtime/panic.go:969 +0x1b9
github.com/crowdsecurity/crowdsec/pkg/parser.GeoIpCity(0xc0010ece00, 0xd, 0xc0003ce8c0, 0x0, 0x0, 0x1, 0x1, 0x0)
    github.com/crowdsecurity/crowdsec/pkg/parser/enrich_geoip.go:82 +0x73b
github.com/crowdsecurity/crowdsec/pkg/parser.(*Node).ProcessStatics(0xc0008f5268, 0xc0001ffb00, 0x9, 0x9, 0xc0003ce8c0, 0x1, 0x1)
    github.com/crowdsecurity/crowdsec/pkg/parser/runtime.go:146 +0x4d5
github.com/crowdsecurity/crowdsec/pkg/parser.(*Node).process(0xc0008f5268, 0xc0003ce8c0, 0xc000317020, 0xc000dc1c80, 0x3, 0x4, 0x1, 0xc000157600, 0x17, 0x1, ...)
    github.com/crowdsecurity/crowdsec/pkg/parser/node.go:323 +0x151c
github.com/crowdsecurity/crowdsec/pkg/parser.Parse(0xc000317020, 0xc000dc1c80, 0x3, 0x4, 0x1, 0xc000157600, 0x17, 0x0, 0x0, 0x0, ...)
    github.com/crowdsecurity/crowdsec/pkg/parser/runtime.go:288 +0xabc
main.runParse(0xc0010dcc00, 0xc0010dcc60, 0xc000317020, 0xc000dc1c80, 0x3, 0x4, 0x1, 0xc000157600, 0x17, 0xc00078ea80, ...)
    github.com/crowdsecurity/crowdsec/cmd/crowdsec/parse.go:28 +0x2e8
main.runCrowdsec.func1.1(0x0, 0x0)
    github.com/crowdsecurity/crowdsec/cmd/crowdsec/crowdsec.go:55 +0x125
gopkg.in/tomb%2ev2.(*Tomb).run(0x19277e0, 0xc000457c00)
    gopkg.in/tomb.v2/tomb.go:163 +0x38
created by gopkg.in/tomb%2ev2.(*Tomb).Go
    gopkg.in/tomb.v2/tomb.go:159 +0xbc
fmarier commented 2 years ago

Then I installed the geoip-database package and was able to restart crowdsec successfully using systemctl restart crowdsec.service.

fmarier commented 2 years ago

was able to restart crowdsec successfully using systemctl restart crowdsec.service.

Nevermind that comment. It only worked once and crowdsec.service will no longer start. It didn't seem to have anything to do with the package being installed or not.

buixor commented 2 years ago

Hello @fmarier,

How did you install crowdsec ? Did you got the package from the official debian repositories or ours ? Would you mind sharing the output of cscli hub list ?

Thanks,

fmarier commented 2 years ago

I installed it from the official Debian repository.

$ cscli hub list
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/apache2 : outdated parsers crowdsecurity/apache2-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/linux : sub collection crowdsecurity/sshd is broken : outdated parsers crowdsecurity/sshd-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/naxsi : outdated parsers crowdsecurity/nginx-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/iptables : outdated parsers crowdsecurity/iptables-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/nginx : outdated parsers crowdsecurity/nginx-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/sshd : outdated parsers crowdsecurity/sshd-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/base-http-scenarios : outdated parsers crowdsecurity/http-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/postfix : outdated parsers crowdsecurity/postfix-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/iptables : outdated parsers crowdsecurity/iptables-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/nginx : outdated parsers crowdsecurity/nginx-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/sshd : outdated parsers crowdsecurity/sshd-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/base-http-scenarios : outdated parsers crowdsecurity/http-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/postfix : outdated parsers crowdsecurity/postfix-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/apache2 : outdated parsers crowdsecurity/apache2-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/linux : sub collection crowdsecurity/sshd is broken : outdated parsers crowdsecurity/sshd-logs 
INFO[14-11-2021 06:58:52 PM] dependency issue crowdsecurity/naxsi : outdated parsers crowdsecurity/nginx-logs 
INFO[14-11-2021 06:58:52 PM] Loaded 15 collecs, 21 parsers, 24 scenarios, 3 post-overflow parsers 
INFO[14-11-2021 06:58:52 PM] unmanaged items : 58 local, 0 tainted        
INFO[14-11-2021 06:58:52 PM] PARSERS:                                     
-------------------------------------------------------------------------------------------------------------------------------
 NAME                            πŸ“¦ STATUS                     VERSION  LOCAL PATH                                             
-------------------------------------------------------------------------------------------------------------------------------
 crowdsecurity/apache2-logs      ⚠️  enabled,update-available  0.4      /etc/crowdsec/parsers/s01-parse/apache2-logs.yaml      
 crowdsecurity/cowrie-logs       βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s01-parse/cowrie-logs.yaml       
 crowdsecurity/naxsi-logs        βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s02-enrich/naxsi-logs.yaml       
 crowdsecurity/whitelists        βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s02-enrich/whitelists.yaml       
 crowdsecurity/tcpdump-logs      βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s01-parse/tcpdump-logs.yaml      
 crowdsecurity/geoip-enrich      βœ”οΈ  enabled                   0.2      /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml     
 crowdsecurity/iptables-logs     ⚠️  enabled,update-available  0.1      /etc/crowdsec/parsers/s01-parse/iptables-logs.yaml     
 crowdsecurity/nginx-logs        ⚠️  enabled,update-available  0.2      /etc/crowdsec/parsers/s01-parse/nginx-logs.yaml        
 crowdsecurity/sshd-logs         ⚠️  enabled,update-available  0.1      /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml         
 crowdsecurity/postfix-logs      ⚠️  enabled,update-available  0.2      /etc/crowdsec/parsers/s01-parse/postfix-logs.yaml      
 crowdsecurity/syslog-logs       βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml         
 crowdsecurity/dateparse-enrich  βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml 
 crowdsecurity/dovecot-logs      βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s01-parse/dovecot-logs.yaml      
 crowdsecurity/modsecurity       βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s01-parse/modsecurity.yaml       
 crowdsecurity/mysql-logs        βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s01-parse/mysql-logs.yaml        
 crowdsecurity/http-logs         ⚠️  enabled,update-available  0.5      /etc/crowdsec/parsers/s02-enrich/http-logs.yaml        
 crowdsecurity/postscreen-logs   βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s01-parse/postscreen-logs.yaml   
 crowdsecurity/smb-logs          βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s01-parse/smb-logs.yaml          
 crowdsecurity/vsftpd-logs       βœ”οΈ  enabled                   0.1      /etc/crowdsec/parsers/s01-parse/vsftpd-logs.yaml       
-------------------------------------------------------------------------------------------------------------------------------
INFO[14-11-2021 06:58:52 PM] SCENARIOS:                                   
---------------------------------------------------------------------------------------------------------------------------
 NAME                                       πŸ“¦ STATUS    VERSION  LOCAL PATH                                               
---------------------------------------------------------------------------------------------------------------------------
 crowdsecurity/dovecot-spam                 βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/dovecot-spam.yaml                
 crowdsecurity/http-sqli-probing            βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/http-sqli-probing.yaml           
 crowdsecurity/iptables-scan-multi_ports    βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/iptables-scan-multi_ports.yaml   
 crowdsecurity/ssh-bf                       βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/ssh-bf.yaml                      
 crowdsecurity/ban-defcon-drop_range        βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/ban-defcon-drop_range.yaml       
 crowdsecurity/http-crawl-non_statics       βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/http-crawl-non_statics.yaml      
 crowdsecurity/http-probing                 βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/http-probing.yaml                
 crowdsecurity/smb-bf                       βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/smb-bf.yaml                      
 crowdsecurity/vsftpd-bf                    βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/vsftpd-bf.yaml                   
 ltsich/http-w00tw00t                       βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/http-w00tw00t.yaml               
 crowdsecurity/telnet-bf                    βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/telnet-bf.yaml                   
 crowdsecurity/http-bf-wordpress_bf         βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/http-bf-wordpress_bf.yaml        
 crowdsecurity/http-generic-bf              βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/http-generic-bf.yaml             
 crowdsecurity/http-sensitive-files         βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/http-sensitive-files.yaml        
 crowdsecurity/modsecurity                  βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/modsecurity.yaml                 
 crowdsecurity/mysql-bf                     βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/mysql-bf.yaml                    
 crowdsecurity/postfix-spam                 βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/postfix-spam.yaml                
 crowdsecurity/http-backdoors-attempts      βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/http-backdoors-attempts.yaml     
 crowdsecurity/http-bad-user-agent          βœ”οΈ  enabled  0.4      /etc/crowdsec/scenarios/http-bad-user-agent.yaml         
 crowdsecurity/http-path-traversal-probing  βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/http-path-traversal-probing.yaml 
 crowdsecurity/http-xss-probing             βœ”οΈ  enabled  0.2      /etc/crowdsec/scenarios/http-xss-probing.yaml            
 crowdsecurity/naxsi-exploit-vpatch         βœ”οΈ  enabled  0.1      /etc/crowdsec/scenarios/naxsi-exploit-vpatch.yaml        
---------------------------------------------------------------------------------------------------------------------------
INFO[14-11-2021 06:58:52 PM] COLLECTIONS:                                 
----------------------------------------------------------------------------------------------------------------------------------
 NAME                                 πŸ“¦ STATUS                     VERSION  LOCAL PATH                                           
----------------------------------------------------------------------------------------------------------------------------------
 crowdsecurity/apache2                ⚠️  enabled,update-available  0.1      /etc/crowdsec/collections/apache2.yaml               
 crowdsecurity/linux                  βœ”οΈ  enabled                   0.2      /etc/crowdsec/collections/linux.yaml                 
 crowdsecurity/naxsi                  ⚠️  enabled,update-available  0.1      /etc/crowdsec/collections/naxsi.yaml                 
 crowdsecurity/whitelist-good-actors  βœ”οΈ  enabled                   0.1      /etc/crowdsec/collections/whitelist-good-actors.yaml 
 crowdsecurity/wordpress              βœ”οΈ  enabled                   0.1      /etc/crowdsec/collections/wordpress.yaml             
 crowdsecurity/iptables               ⚠️  enabled,update-available  0.1      /etc/crowdsec/collections/iptables.yaml              
 crowdsecurity/modsecurity            βœ”οΈ  enabled                   0.1      /etc/crowdsec/collections/modsecurity.yaml           
 crowdsecurity/nginx                  ⚠️  enabled,update-available  0.1      /etc/crowdsec/collections/nginx.yaml                 
 crowdsecurity/sshd                   ⚠️  enabled,update-available  0.1      /etc/crowdsec/collections/sshd.yaml                  
 crowdsecurity/base-http-scenarios    ⚠️  enabled,update-available  0.3      /etc/crowdsec/collections/base-http-scenarios.yaml   
 crowdsecurity/mysql                  βœ”οΈ  enabled                   0.1      /etc/crowdsec/collections/mysql.yaml                 
 crowdsecurity/dovecot                βœ”οΈ  enabled                   0.1      /etc/crowdsec/collections/dovecot.yaml               
 crowdsecurity/postfix                ⚠️  enabled,update-available  0.2      /etc/crowdsec/collections/postfix.yaml               
 crowdsecurity/vsftpd                 βœ”οΈ  enabled                   0.1      /etc/crowdsec/collections/vsftpd.yaml                
----------------------------------------------------------------------------------------------------------------------------------
INFO[14-11-2021 06:58:52 PM] POSTOVERFLOWS:                               
---------------------------------------------------------------------------------------------------------------------------
 NAME                              πŸ“¦ STATUS    VERSION  LOCAL PATH                                                        
---------------------------------------------------------------------------------------------------------------------------
 crowdsecurity/cdn-whitelist       βœ”οΈ  enabled  0.3      /etc/crowdsec/postoverflows/s01-whitelist/cdn-whitelist.yaml      
 crowdsecurity/rdns                βœ”οΈ  enabled  0.2      /etc/crowdsec/postoverflows/s00-enrich/rdns.yaml                  
 crowdsecurity/seo-bots-whitelist  βœ”οΈ  enabled  0.4      /etc/crowdsec/postoverflows/s01-whitelist/seo-bots-whitelist.yaml 
---------------------------------------------------------------------------------------------------------------------------
sabban commented 2 years ago

Can you try cscli hub upgrade --force ?

Please keep us updated on this.

fmarier commented 2 years ago

It looks like my version of cscli doesn't have the --force option:

$ sudo cscli hub update --force
Error: unknown flag: --force
Usage:
  cscli hub update [flags]

Flags:
  -h, --help   help for update

Global Flags:
  -b, --branch string   Use given branch from hub
  -c, --config string   path to crowdsec config file (default "/etc/crowdsec/config.yaml")
      --debug           Set logging to debug.
      --error           Set logging to error.
      --info            Set logging to info.
  -o, --output string   Output format : human, json, raw.
      --trace           Set logging to trace.
      --warning         Set logging to warning.

FATA[0000] While executing root command : unknown flag: --force
sabban commented 2 years ago

Hi,

The force option in on upgrade command (not on update).

Update is for updating the parsers/scenarios/collections index, and upgrade is for actually upgrading them.

fmarier commented 2 years ago

Ah, sorry I got that wrong. Here's the correct command:

$ sudo cscli hub upgrade --force
[sudo] Mot de passe de rootΒ : 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/naxsi : outdated parsers crowdsecurity/nginx-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/base-http-scenarios : outdated parsers crowdsecurity/http-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/nginx : outdated parsers crowdsecurity/nginx-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/iptables : outdated parsers crowdsecurity/iptables-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/linux : sub collection crowdsecurity/sshd is broken : outdated parsers crowdsecurity/sshd-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/postfix : outdated parsers crowdsecurity/postfix-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/apache2 : outdated parsers crowdsecurity/apache2-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/sshd : outdated parsers crowdsecurity/sshd-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/sshd : outdated parsers crowdsecurity/sshd-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/base-http-scenarios : outdated parsers crowdsecurity/http-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/naxsi : outdated parsers crowdsecurity/nginx-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/iptables : outdated parsers crowdsecurity/iptables-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/nginx : outdated parsers crowdsecurity/nginx-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/apache2 : outdated parsers crowdsecurity/apache2-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/linux : sub collection crowdsecurity/sshd is broken : outdated parsers crowdsecurity/sshd-logs 
INFO[23-11-2021 04:26:38 AM] dependency issue crowdsecurity/postfix : outdated parsers crowdsecurity/postfix-logs 
INFO[23-11-2021 04:26:38 AM] Upgrading collections                        
WARN[23-11-2021 04:26:39 AM] crowdsecurity/postfix-logs : overwrite       
WARN[23-11-2021 04:26:39 AM] crowdsecurity/postscreen-logs : overwrite    
WARN[23-11-2021 04:26:39 AM] crowdsecurity/postfix-spam : overwrite       
WARN[23-11-2021 04:26:39 AM] crowdsecurity/postfix : overwrite            
INFO[23-11-2021 04:26:39 AM] πŸ“¦ crowdsecurity/postfix : updated            
INFO[23-11-2021 04:26:39 AM] crowdsecurity/wordpress : up-to-date         
WARN[23-11-2021 04:26:39 AM] crowdsecurity/http-bf-wordpress_bf : overwrite 
WARN[23-11-2021 04:26:39 AM] crowdsecurity/wordpress : overwrite          
INFO[23-11-2021 04:26:39 AM] πŸ“¦ crowdsecurity/wordpress : updated          
WARN[23-11-2021 04:26:39 AM] crowdsecurity/apache2-logs : overwrite       
WARN[23-11-2021 04:26:39 AM] crowdsecurity/http-logs : overwrite          
WARN[23-11-2021 04:26:40 AM] crowdsecurity/http-crawl-non_statics : overwrite 
WARN[23-11-2021 04:26:40 AM] crowdsecurity/http-probing : overwrite       
WARN[23-11-2021 04:26:40 AM] crowdsecurity/http-bad-user-agent : overwrite 
INFO[23-11-2021 04:26:40 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/bad_user_agents.txt' in '/var/lib/crowdsec/data/bad_user_agents.txt' 
WARN[23-11-2021 04:26:40 AM] crowdsecurity/http-path-traversal-probing : overwrite 
INFO[23-11-2021 04:26:40 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/path_traversal.txt' in '/var/lib/crowdsec/data/http_path_traversal.txt' 
WARN[23-11-2021 04:26:40 AM] crowdsecurity/http-sensitive-files : overwrite 
INFO[23-11-2021 04:26:40 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sensitive_data.txt' in '/var/lib/crowdsec/data/sensitive_data.txt' 
WARN[23-11-2021 04:26:40 AM] crowdsecurity/http-sqli-probing : overwrite  
INFO[23-11-2021 04:26:40 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sqli_probe_patterns.txt' in '/var/lib/crowdsec/data/sqli_probe_patterns.txt' 
WARN[23-11-2021 04:26:41 AM] crowdsecurity/http-xss-probing : overwrite   
INFO[23-11-2021 04:26:41 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/xss_probe_patterns.txt' in '/var/lib/crowdsec/data/xss_probe_patterns.txt' 
WARN[23-11-2021 04:26:41 AM] crowdsecurity/http-backdoors-attempts : overwrite 
INFO[23-11-2021 04:26:41 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/backdoors.txt' in '/var/lib/crowdsec/data/backdoors.txt' 
WARN[23-11-2021 04:26:41 AM] ltsich/http-w00tw00t : overwrite             
WARN[23-11-2021 04:26:41 AM] crowdsecurity/http-generic-bf : overwrite    
WARN[23-11-2021 04:26:41 AM] crowdsecurity/base-http-scenarios : overwrite 
WARN[23-11-2021 04:26:41 AM] crowdsecurity/base-http-scenarios : overwrite 
WARN[23-11-2021 04:26:41 AM] crowdsecurity/apache2 : overwrite            
INFO[23-11-2021 04:26:41 AM] πŸ“¦ crowdsecurity/apache2 : updated            
INFO[23-11-2021 04:26:41 AM] crowdsecurity/dovecot : up-to-date           
WARN[23-11-2021 04:26:41 AM] crowdsecurity/dovecot-logs : overwrite       
WARN[23-11-2021 04:26:42 AM] crowdsecurity/dovecot-spam : overwrite       
WARN[23-11-2021 04:26:42 AM] crowdsecurity/dovecot : overwrite            
INFO[23-11-2021 04:26:42 AM] πŸ“¦ crowdsecurity/dovecot : updated            
INFO[23-11-2021 04:26:42 AM] crowdsecurity/linux : up-to-date             
WARN[23-11-2021 04:26:42 AM] crowdsecurity/syslog-logs : overwrite        
WARN[23-11-2021 04:26:42 AM] crowdsecurity/geoip-enrich : overwrite       
INFO[23-11-2021 04:26:42 AM] downloading data 'https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb' in '/var/lib/crowdsec/data/GeoLite2-City.mmdb' 
INFO[23-11-2021 04:26:47 AM] downloading data 'https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-ASN.mmdb' in '/var/lib/crowdsec/data/GeoLite2-ASN.mmdb' 
WARN[23-11-2021 04:26:47 AM] crowdsecurity/dateparse-enrich : overwrite   
WARN[23-11-2021 04:26:47 AM] crowdsecurity/sshd-logs : overwrite          
WARN[23-11-2021 04:26:47 AM] crowdsecurity/ssh-bf : overwrite             
WARN[23-11-2021 04:26:47 AM] crowdsecurity/sshd : overwrite               
WARN[23-11-2021 04:26:47 AM] crowdsecurity/sshd : overwrite               
WARN[23-11-2021 04:26:47 AM] crowdsecurity/linux : overwrite              
INFO[23-11-2021 04:26:47 AM] πŸ“¦ crowdsecurity/linux : updated              
INFO[23-11-2021 04:26:47 AM] crowdsecurity/mysql : up-to-date             
WARN[23-11-2021 04:26:48 AM] crowdsecurity/mysql-logs : overwrite         
WARN[23-11-2021 04:26:48 AM] crowdsecurity/mysql-bf : overwrite           
WARN[23-11-2021 04:26:48 AM] crowdsecurity/mysql : overwrite              
INFO[23-11-2021 04:26:48 AM] πŸ“¦ crowdsecurity/mysql : updated              
INFO[23-11-2021 04:26:48 AM] crowdsecurity/sshd : up-to-date              
WARN[23-11-2021 04:26:48 AM] crowdsecurity/sshd-logs : overwrite          
WARN[23-11-2021 04:26:48 AM] crowdsecurity/ssh-bf : overwrite             
WARN[23-11-2021 04:26:48 AM] crowdsecurity/sshd : overwrite               
INFO[23-11-2021 04:26:48 AM] πŸ“¦ crowdsecurity/sshd : updated               
WARN[23-11-2021 04:26:48 AM] firewallservices/zimbra : not downloaded, please install. 
INFO[23-11-2021 04:26:48 AM] firewallservices/zimbra-logs : OK            
INFO[23-11-2021 04:26:48 AM] Enabled parsers : firewallservices/zimbra-logs 
INFO[23-11-2021 04:26:48 AM] firewallservices/zimbra-bf : OK              
INFO[23-11-2021 04:26:48 AM] Enabled scenarios : firewallservices/zimbra-bf 
INFO[23-11-2021 04:26:48 AM] firewallservices/zimbra : OK                 
INFO[23-11-2021 04:26:48 AM] πŸ“¦ firewallservices/zimbra : updated          
INFO[23-11-2021 04:26:48 AM] crowdsecurity/base-http-scenarios : up-to-date 
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-logs : overwrite          
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-crawl-non_statics : overwrite 
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-probing : overwrite       
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-bad-user-agent : overwrite 
INFO[23-11-2021 04:26:48 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/bad_user_agents.txt' in '/var/lib/crowdsec/data/bad_user_agents.txt' 
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-path-traversal-probing : overwrite 
INFO[23-11-2021 04:26:48 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/path_traversal.txt' in '/var/lib/crowdsec/data/http_path_traversal.txt' 
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-sensitive-files : overwrite 
INFO[23-11-2021 04:26:48 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sensitive_data.txt' in '/var/lib/crowdsec/data/sensitive_data.txt' 
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-sqli-probing : overwrite  
INFO[23-11-2021 04:26:48 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sqli_probe_patterns.txt' in '/var/lib/crowdsec/data/sqli_probe_patterns.txt' 
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-xss-probing : overwrite   
INFO[23-11-2021 04:26:48 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/xss_probe_patterns.txt' in '/var/lib/crowdsec/data/xss_probe_patterns.txt' 
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-backdoors-attempts : overwrite 
INFO[23-11-2021 04:26:48 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/backdoors.txt' in '/var/lib/crowdsec/data/backdoors.txt' 
WARN[23-11-2021 04:26:48 AM] ltsich/http-w00tw00t : overwrite             
WARN[23-11-2021 04:26:48 AM] crowdsecurity/http-generic-bf : overwrite    
WARN[23-11-2021 04:26:48 AM] crowdsecurity/base-http-scenarios : overwrite 
INFO[23-11-2021 04:26:48 AM] πŸ“¦ crowdsecurity/base-http-scenarios : updated 
WARN[23-11-2021 04:26:48 AM] crowdsecurity/nginx-logs : overwrite         
WARN[23-11-2021 04:26:48 AM] crowdsecurity/naxsi-logs : overwrite         
WARN[23-11-2021 04:26:48 AM] crowdsecurity/naxsi-exploit-vpatch : overwrite 
WARN[23-11-2021 04:26:49 AM] crowdsecurity/naxsi : overwrite              
INFO[23-11-2021 04:26:49 AM] πŸ“¦ crowdsecurity/naxsi : updated              
INFO[23-11-2021 04:26:49 AM] crowdsecurity/whitelist-good-actors : up-to-date 
WARN[23-11-2021 04:26:49 AM] crowdsecurity/seo-bots-whitelist : overwrite 
INFO[23-11-2021 04:26:49 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rdns_seo_bots.txt' in '/var/lib/crowdsec/data/rdns_seo_bots.txt' 
INFO[23-11-2021 04:26:49 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rnds_seo_bots.regex' in '/var/lib/crowdsec/data/rdns_seo_bots.regex' 
INFO[23-11-2021 04:26:49 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/ip_seo_bots.txt' in '/var/lib/crowdsec/data/ip_seo_bots.txt' 
WARN[23-11-2021 04:26:49 AM] crowdsecurity/cdn-whitelist : overwrite      
INFO[23-11-2021 04:26:49 AM] downloading data 'https://www.cloudflare.com/ips-v4' in '/var/lib/crowdsec/data/cloudflare_ips.txt' 
WARN[23-11-2021 04:26:49 AM] crowdsecurity/rdns : overwrite               
WARN[23-11-2021 04:26:49 AM] crowdsecurity/whitelist-good-actors : overwrite 
INFO[23-11-2021 04:26:49 AM] πŸ“¦ crowdsecurity/whitelist-good-actors : updated 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/iptables-logs : overwrite      
WARN[23-11-2021 04:26:50 AM] crowdsecurity/iptables-scan-multi_ports : overwrite 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/iptables : overwrite           
INFO[23-11-2021 04:26:50 AM] πŸ“¦ crowdsecurity/iptables : updated           
INFO[23-11-2021 04:26:50 AM] crowdsecurity/modsecurity : up-to-date       
WARN[23-11-2021 04:26:50 AM] crowdsecurity/modsecurity : overwrite        
WARN[23-11-2021 04:26:50 AM] crowdsecurity/modsecurity : overwrite        
WARN[23-11-2021 04:26:50 AM] crowdsecurity/modsecurity : overwrite        
INFO[23-11-2021 04:26:50 AM] πŸ“¦ crowdsecurity/modsecurity : updated        
WARN[23-11-2021 04:26:50 AM] crowdsecurity/nginx-logs : overwrite         
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-logs : overwrite          
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-crawl-non_statics : overwrite 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-probing : overwrite       
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-bad-user-agent : overwrite 
INFO[23-11-2021 04:26:50 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/bad_user_agents.txt' in '/var/lib/crowdsec/data/bad_user_agents.txt' 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-path-traversal-probing : overwrite 
INFO[23-11-2021 04:26:50 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/path_traversal.txt' in '/var/lib/crowdsec/data/http_path_traversal.txt' 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-sensitive-files : overwrite 
INFO[23-11-2021 04:26:50 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sensitive_data.txt' in '/var/lib/crowdsec/data/sensitive_data.txt' 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-sqli-probing : overwrite  
INFO[23-11-2021 04:26:50 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sqli_probe_patterns.txt' in '/var/lib/crowdsec/data/sqli_probe_patterns.txt' 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-xss-probing : overwrite   
INFO[23-11-2021 04:26:50 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/xss_probe_patterns.txt' in '/var/lib/crowdsec/data/xss_probe_patterns.txt' 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-backdoors-attempts : overwrite 
INFO[23-11-2021 04:26:50 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/backdoors.txt' in '/var/lib/crowdsec/data/backdoors.txt' 
WARN[23-11-2021 04:26:50 AM] ltsich/http-w00tw00t : overwrite             
WARN[23-11-2021 04:26:50 AM] crowdsecurity/http-generic-bf : overwrite    
WARN[23-11-2021 04:26:50 AM] crowdsecurity/base-http-scenarios : overwrite 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/base-http-scenarios : overwrite 
WARN[23-11-2021 04:26:50 AM] crowdsecurity/nginx : overwrite              
INFO[23-11-2021 04:26:50 AM] πŸ“¦ crowdsecurity/nginx : updated              
INFO[23-11-2021 04:26:50 AM] crowdsecurity/vsftpd : up-to-date            
WARN[23-11-2021 04:26:50 AM] crowdsecurity/vsftpd-logs : overwrite        
WARN[23-11-2021 04:26:50 AM] crowdsecurity/vsftpd-bf : overwrite          
WARN[23-11-2021 04:26:51 AM] crowdsecurity/vsftpd : overwrite             
INFO[23-11-2021 04:26:51 AM] πŸ“¦ crowdsecurity/vsftpd : updated             
INFO[23-11-2021 04:26:51 AM] Upgraded 15 items                            
INFO[23-11-2021 04:26:51 AM] Upgrading parsers                            
INFO[23-11-2021 04:26:51 AM] crowdsecurity/tcpdump-logs : up-to-date      
WARN[23-11-2021 04:26:51 AM] crowdsecurity/tcpdump-logs : overwrite       
INFO[23-11-2021 04:26:51 AM] πŸ“¦ crowdsecurity/tcpdump-logs : updated       
INFO[23-11-2021 04:26:51 AM] crowdsecurity/vsftpd-logs : up-to-date       
WARN[23-11-2021 04:26:51 AM] crowdsecurity/vsftpd-logs : overwrite        
INFO[23-11-2021 04:26:51 AM] πŸ“¦ crowdsecurity/vsftpd-logs : updated        
WARN[23-11-2021 04:26:51 AM] firewallservices/lemonldap-ng : not downloaded, please install. 
INFO[23-11-2021 04:26:51 AM] firewallservices/lemonldap-ng : OK           
INFO[23-11-2021 04:26:51 AM] πŸ“¦ firewallservices/lemonldap-ng : updated    
INFO[23-11-2021 04:26:51 AM] crowdsecurity/geoip-enrich : up-to-date      
WARN[23-11-2021 04:26:51 AM] crowdsecurity/geoip-enrich : overwrite       
INFO[23-11-2021 04:26:51 AM] downloading data 'https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb' in '/var/lib/crowdsec/data/GeoLite2-City.mmdb' 
INFO[23-11-2021 04:26:53 AM] downloading data 'https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-ASN.mmdb' in '/var/lib/crowdsec/data/GeoLite2-ASN.mmdb' 
INFO[23-11-2021 04:26:53 AM] πŸ“¦ crowdsecurity/geoip-enrich : updated       
INFO[23-11-2021 04:26:53 AM] crowdsecurity/http-logs : up-to-date         
WARN[23-11-2021 04:26:53 AM] crowdsecurity/http-logs : overwrite          
INFO[23-11-2021 04:26:53 AM] πŸ“¦ crowdsecurity/http-logs : updated          
INFO[23-11-2021 04:26:53 AM] crowdsecurity/iptables-logs : up-to-date     
WARN[23-11-2021 04:26:53 AM] crowdsecurity/iptables-logs : overwrite      
INFO[23-11-2021 04:26:53 AM] πŸ“¦ crowdsecurity/iptables-logs : updated      
INFO[23-11-2021 04:26:53 AM] crowdsecurity/postfix-logs : up-to-date      
WARN[23-11-2021 04:26:53 AM] crowdsecurity/postfix-logs : overwrite       
INFO[23-11-2021 04:26:53 AM] πŸ“¦ crowdsecurity/postfix-logs : updated       
INFO[23-11-2021 04:26:53 AM] crowdsecurity/cowrie-logs : up-to-date       
WARN[23-11-2021 04:26:53 AM] crowdsecurity/cowrie-logs : overwrite        
INFO[23-11-2021 04:26:53 AM] πŸ“¦ crowdsecurity/cowrie-logs : updated        
INFO[23-11-2021 04:26:53 AM] crowdsecurity/dateparse-enrich : up-to-date  
WARN[23-11-2021 04:26:53 AM] crowdsecurity/dateparse-enrich : overwrite   
INFO[23-11-2021 04:26:53 AM] πŸ“¦ crowdsecurity/dateparse-enrich : updated   
INFO[23-11-2021 04:26:53 AM] crowdsecurity/modsecurity : up-to-date       
WARN[23-11-2021 04:26:53 AM] crowdsecurity/modsecurity : overwrite        
INFO[23-11-2021 04:26:53 AM] πŸ“¦ crowdsecurity/modsecurity : updated        
INFO[23-11-2021 04:26:53 AM] crowdsecurity/sshd-logs : up-to-date         
WARN[23-11-2021 04:26:53 AM] crowdsecurity/sshd-logs : overwrite          
INFO[23-11-2021 04:26:53 AM] πŸ“¦ crowdsecurity/sshd-logs : updated          
INFO[23-11-2021 04:26:53 AM] crowdsecurity/syslog-logs : up-to-date       
WARN[23-11-2021 04:26:53 AM] crowdsecurity/syslog-logs : overwrite        
INFO[23-11-2021 04:26:53 AM] πŸ“¦ crowdsecurity/syslog-logs : updated        
INFO[23-11-2021 04:26:53 AM] crowdsecurity/whitelists : up-to-date        
WARN[23-11-2021 04:26:54 AM] crowdsecurity/whitelists : overwrite         
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/whitelists : updated         
INFO[23-11-2021 04:26:54 AM] firewallservices/zimbra-logs : up-to-date    
WARN[23-11-2021 04:26:54 AM] firewallservices/zimbra-logs : overwrite     
INFO[23-11-2021 04:26:54 AM] πŸ“¦ firewallservices/zimbra-logs : updated     
INFO[23-11-2021 04:26:54 AM] crowdsecurity/apache2-logs : up-to-date      
WARN[23-11-2021 04:26:54 AM] crowdsecurity/apache2-logs : overwrite       
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/apache2-logs : updated       
INFO[23-11-2021 04:26:54 AM] crowdsecurity/naxsi-logs : up-to-date        
WARN[23-11-2021 04:26:54 AM] crowdsecurity/naxsi-logs : overwrite         
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/naxsi-logs : updated         
INFO[23-11-2021 04:26:54 AM] crowdsecurity/nginx-logs : up-to-date        
WARN[23-11-2021 04:26:54 AM] crowdsecurity/nginx-logs : overwrite         
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/nginx-logs : updated         
INFO[23-11-2021 04:26:54 AM] crowdsecurity/smb-logs : up-to-date          
WARN[23-11-2021 04:26:54 AM] crowdsecurity/smb-logs : overwrite           
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/smb-logs : updated           
INFO[23-11-2021 04:26:54 AM] crowdsecurity/dovecot-logs : up-to-date      
WARN[23-11-2021 04:26:54 AM] crowdsecurity/dovecot-logs : overwrite       
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/dovecot-logs : updated       
INFO[23-11-2021 04:26:54 AM] crowdsecurity/mysql-logs : up-to-date        
WARN[23-11-2021 04:26:54 AM] crowdsecurity/mysql-logs : overwrite         
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/mysql-logs : updated         
INFO[23-11-2021 04:26:54 AM] crowdsecurity/postscreen-logs : up-to-date   
WARN[23-11-2021 04:26:54 AM] crowdsecurity/postscreen-logs : overwrite    
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/postscreen-logs : updated    
INFO[23-11-2021 04:26:54 AM] Upgraded 21 items                            
INFO[23-11-2021 04:26:54 AM] Upgrading scenarios                          
INFO[23-11-2021 04:26:54 AM] crowdsecurity/dovecot-spam : up-to-date      
WARN[23-11-2021 04:26:54 AM] crowdsecurity/dovecot-spam : overwrite       
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/dovecot-spam : updated       
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-probing : up-to-date      
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-probing : overwrite       
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-probing : updated       
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-sensitive-files : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-sensitive-files : overwrite 
INFO[23-11-2021 04:26:54 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sensitive_data.txt' in '/var/lib/crowdsec/data/sensitive_data.txt' 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-sensitive-files : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/naxsi-exploit-vpatch : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/naxsi-exploit-vpatch : overwrite 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/naxsi-exploit-vpatch : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/telnet-bf : up-to-date         
WARN[23-11-2021 04:26:54 AM] crowdsecurity/telnet-bf : overwrite          
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/telnet-bf : updated          
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-xss-probing : up-to-date  
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-xss-probing : overwrite   
INFO[23-11-2021 04:26:54 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/xss_probe_patterns.txt' in '/var/lib/crowdsec/data/xss_probe_patterns.txt' 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-xss-probing : updated   
INFO[23-11-2021 04:26:54 AM] crowdsecurity/modsecurity : up-to-date       
WARN[23-11-2021 04:26:54 AM] crowdsecurity/modsecurity : overwrite        
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/modsecurity : updated        
INFO[23-11-2021 04:26:54 AM] crowdsecurity/mysql-bf : up-to-date          
WARN[23-11-2021 04:26:54 AM] crowdsecurity/mysql-bf : overwrite           
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/mysql-bf : updated           
INFO[23-11-2021 04:26:54 AM] crowdsecurity/ssh-bf : up-to-date            
WARN[23-11-2021 04:26:54 AM] crowdsecurity/ssh-bf : overwrite             
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/ssh-bf : updated             
INFO[23-11-2021 04:26:54 AM] ltsich/http-w00tw00t : up-to-date            
WARN[23-11-2021 04:26:54 AM] ltsich/http-w00tw00t : overwrite             
INFO[23-11-2021 04:26:54 AM] πŸ“¦ ltsich/http-w00tw00t : updated             
INFO[23-11-2021 04:26:54 AM] firewallservices/zimbra-bf : up-to-date      
WARN[23-11-2021 04:26:54 AM] firewallservices/zimbra-bf : overwrite       
INFO[23-11-2021 04:26:54 AM] πŸ“¦ firewallservices/zimbra-bf : updated       
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-backdoors-attempts : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-backdoors-attempts : overwrite 
INFO[23-11-2021 04:26:54 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/backdoors.txt' in '/var/lib/crowdsec/data/backdoors.txt' 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-backdoors-attempts : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-bad-user-agent : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-bad-user-agent : overwrite 
INFO[23-11-2021 04:26:54 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/bad_user_agents.txt' in '/var/lib/crowdsec/data/bad_user_agents.txt' 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-bad-user-agent : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-bf-wordpress_bf : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-bf-wordpress_bf : overwrite 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-bf-wordpress_bf : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-sqli-probing : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-sqli-probing : overwrite  
INFO[23-11-2021 04:26:54 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sqli_probe_patterns.txt' in '/var/lib/crowdsec/data/sqli_probe_patterns.txt' 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-sqli-probing : updated  
INFO[23-11-2021 04:26:54 AM] crowdsecurity/postfix-spam : up-to-date      
WARN[23-11-2021 04:26:54 AM] crowdsecurity/postfix-spam : overwrite       
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/postfix-spam : updated       
WARN[23-11-2021 04:26:54 AM] firewallservices/lemonldap-ng-bf : not downloaded, please install. 
INFO[23-11-2021 04:26:54 AM] firewallservices/lemonldap-ng-bf : OK        
INFO[23-11-2021 04:26:54 AM] πŸ“¦ firewallservices/lemonldap-ng-bf : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/vsftpd-bf : up-to-date         
WARN[23-11-2021 04:26:54 AM] crowdsecurity/vsftpd-bf : overwrite          
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/vsftpd-bf : updated          
INFO[23-11-2021 04:26:54 AM] crowdsecurity/ban-defcon-drop_range : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/ban-defcon-drop_range : overwrite 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/ban-defcon-drop_range : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-crawl-non_statics : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-crawl-non_statics : overwrite 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-crawl-non_statics : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-generic-bf : up-to-date   
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-generic-bf : overwrite    
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-generic-bf : updated    
INFO[23-11-2021 04:26:54 AM] crowdsecurity/http-path-traversal-probing : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/http-path-traversal-probing : overwrite 
INFO[23-11-2021 04:26:54 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/path_traversal.txt' in '/var/lib/crowdsec/data/http_path_traversal.txt' 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/http-path-traversal-probing : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/iptables-scan-multi_ports : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/iptables-scan-multi_ports : overwrite 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/iptables-scan-multi_ports : updated 
INFO[23-11-2021 04:26:54 AM] crowdsecurity/smb-bf : up-to-date            
WARN[23-11-2021 04:26:54 AM] crowdsecurity/smb-bf : overwrite             
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/smb-bf : updated             
INFO[23-11-2021 04:26:54 AM] Upgraded 24 items                            
INFO[23-11-2021 04:26:54 AM] Upgrading postoverflows                      
INFO[23-11-2021 04:26:54 AM] crowdsecurity/cdn-whitelist : up-to-date     
WARN[23-11-2021 04:26:54 AM] crowdsecurity/cdn-whitelist : overwrite      
INFO[23-11-2021 04:26:54 AM] downloading data 'https://www.cloudflare.com/ips-v4' in '/var/lib/crowdsec/data/cloudflare_ips.txt' 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/cdn-whitelist : updated      
INFO[23-11-2021 04:26:54 AM] crowdsecurity/rdns : up-to-date              
WARN[23-11-2021 04:26:54 AM] crowdsecurity/rdns : overwrite               
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/rdns : updated               
INFO[23-11-2021 04:26:54 AM] crowdsecurity/seo-bots-whitelist : up-to-date 
WARN[23-11-2021 04:26:54 AM] crowdsecurity/seo-bots-whitelist : overwrite 
INFO[23-11-2021 04:26:54 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rdns_seo_bots.txt' in '/var/lib/crowdsec/data/rdns_seo_bots.txt' 
INFO[23-11-2021 04:26:54 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rnds_seo_bots.regex' in '/var/lib/crowdsec/data/rdns_seo_bots.regex' 
INFO[23-11-2021 04:26:54 AM] downloading data 'https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/ip_seo_bots.txt' in '/var/lib/crowdsec/data/ip_seo_bots.txt' 
INFO[23-11-2021 04:26:54 AM] πŸ“¦ crowdsecurity/seo-bots-whitelist : updated 
INFO[23-11-2021 04:26:54 AM] Upgraded 3 items
sabban commented 2 years ago

I believe this fixed your issue. i'll close it in a few days, except if you want to add something to this.

Thank you for reaching us.