Closed stephdl closed 1 year ago
@stephdl: Thanks for opening an issue, it is currently awaiting triage.
In the meantime, you can:
Hello,
The issue is that systemd 247 and systemd 252 are not compatible. Our current images are using debian-stable, but systemd 252 is not available there. We will provide as well debian-testing images that support systemd 252.
We'll keep you posted,
cf. https://github.com/crowdsecurity/home-assistant-addons/issues/38
hey @buixor thank for it, cannot wait to test it
@he2ss how to test your new container ?
@buixor I don't want to hijack this issue, but I'm using Arch as a host and crowdsec isn't parsing my system.journal file at all, it doesn't even appear in the metrics.
Arch currently uses systemd 253 (253.5-2-arch) and I'm aware that it's more bleeding edge than debian etc so just wondering if it would be possible to have a non-debian / rolling distro based image to pull that's more up to date e.g. Alpine?
Debian is very conservative and IIRC won't receive new systemd versions over each 2-3 year stable release cycle? That would mean that libsystemd would become seriously out of date in the crowdsec image over time.
What happened?
We use crowdsec with containers on debian 11 and rocky linux 9.2 with journald acquisition
with debian I have no issue, I see the log parsed when I do ||cscli metrics || https://gist.github.com/stephdl/c4ecb7b9830208a0b66a227e67ea402a
with rocky Linux I noticed that the logs are not parsed when I do cscli metrics (we got the same configuration except the path to journald that is not the same between debian and rockyLinux) https://gist.github.com/stephdl/56568e5e41131055a93481702364aa0f
When I start crowdsec on rockyLinux 9.2 I found this error relevant to logs : https://gist.github.com/stephdl/d322f77ef258d3e23d98afd7b2f556b1
journalctl inside the container cannot read the journal output we have an error :
journal uses an unsupported feature. ignoring file.
So I went to google and I found a bug report from redhat relevant to this error, or probably close
journalctl "Journal file uses an unsupported feature"
https://bugzilla.redhat.com/show_bug.cgi?id=1413388in short we do not run the same version of systemd on rockyLinux it is higher and we do not probably use the same encryption for what I understand
I use crowdsec 1.5.1
1b8b1d84bcfa docker.io/crowdsecurity/crowdsec:v1.5.1-debian 7 minutes ago Up 7 minutes crowdsec1
on rocky linux 9.2
inside the container
on debian 11
inside the container
For what I understand we should have the same encryption and version on the system inside the host and inside the container
What did you expect to happen?
I expect that we could start acquisition
How can we reproduce it (as minimally and precisely as possible)?
user rocky-linux 9.2 or any system with systemd version 252
Anything else we need to know?
No response
Crowdsec version
OS version
Enabled collections and parsers
Acquisition config
Config show
Prometheus metrics
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.