Closed klausagnoletti closed 2 years ago
Go in /etc/crowdsec/parsers/
, you will maybe got some patterns in double (and some with .dpkg-dist
in the name)
Op vr 17 dec. 2021 21:44 schreef Thibaut SEVERAC @.***>:
Go in /etc/crowdsec/parsers/, you will maybe got some patterns in double (and some with .dpkg-dist in the name)
— Reply to this email directly, view it on GitHub https://github.com/crowdsecurity/crowdsec/issues/1111#issuecomment-997020433, or unsubscribe https://github.com/notifications/unsubscribe-auth/APEURA5DL3ETOFZG2JBGHK3UROOJLANCNFSM5KJLS2QA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you are subscribed to this thread.Message ID: @.***>
I too encountered this. /etc/crowdsec/parsers
contained no duplicates (checked with ls -alR
in there).
TL;DR - Likely something to do with leapfrogging so many versions or the .dpkg file not ensuring it definitely updates all the relevant files to their latest versions.
In the end I:
apt purge crowdsec
apt install crowdsec
(which made new credentials files anyway)and it worked. Now, I was coming from some ancient 1.0.2 version, because no hint was given that the APT repository had changed, so it's possible that necessary tweaks to configuration/other files were missed due to that leap.
I note that performing that upgrade did not change the files under /etc/crowdsec/parsers
(which are of course symlinks) or the files those symlinks point to, but the purge/install cycle has. So something definitely went awry with the APT upgrade of the package.
I had /etc/
committed and in a clean state before the purge/install, but after the upgrade from 1.0.2 to 1.3.1. Now I've done the purge/install cycle I'm showing differences in, e.g. crowdsec/hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml
in a git diff
. I've now commited those changes, and for my own reference that's local /etc commit c165f4aea87d68f530dad5f285e85d5aa6bfba8
.
Hi,
I believe this commit https://github.com/crowdsecurity/crowdsec/commit/1f06f242cc18ca99cc9f69164341592139f85d64 fixes this issue.
Regards,
Describe the bug On a clean install of Debian 10.11 I first installed crowdsec 1.1.1 and iptables bouncer 0.0.15 from debs. Next I upgraded. That failed because crowdsec failed to start after upgrade.
This was in the logs. After deleting the mysql.dpkg-dist in /etc/crowdsec/patterns I was able to start the crowdsec agent and finish the upgrade.
To Reproduce Steps to reproduce the behavior:
Expected behavior I expected upgrade to not fail :-)
Technical Information (please complete the following information):