crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License

crowdsec - goroutine crowdsec/runParse crashed: interface conversion: interface {} is nil, not *geoip2.City #3039

Closed bmendezlut closed 4 months ago

bmendezlut commented 4 months ago

What happened?

Hello, I updated CrowdSec to version 1.6.2, and upon restarting the CrowdSec service, an error was flagged as the connection to the API on port 8080 was being refused. Upon reviewing the logs, I encountered the following trace:

```console
error: interface conversion: interface {} is nil, not *geoip2.City
version: v1.6.2-debian-pragmatic-amd64-7d6514c7
BuildDate: 2024-05-30_14:59:20
GoVersion: 1.22.2
Platform: linux
goroutine 58 [running]:
runtime/debug.Stack()
	runtime/debug/stack.go:24 +0x5e
github.com/crowdsecurity/go-cs-lib/trace.(*traceKeeper).writeStackTrace(0x383de60, {0x1e9cf20, 0xc001263050})
	github.com/crowdsecurity/go-cs-lib@v0.0.11/trace/trace.go:152 +0x173
github.com/crowdsecurity/go-cs-lib/trace.(*traceKeeper).catchPanic(0x383de60, {0x2168dae, 0x11})
	github.com/crowdsecurity/go-cs-lib@v0.0.11/trace/trace.go:168 +0x13d
github.com/crowdsecurity/go-cs-lib/trace.CatchPanic(...)
	github.com/crowdsecurity/go-cs-lib@v0.0.11/trace/trace.go:37
panic({0x1e9cf20?, 0xc001263050?})
	runtime/panic.go:770 +0x132
github.com/crowdsecurity/crowdsec/pkg/parser.GeoIpCity({0xc001242080, 0xf}, 0x2144088?, 0xc000bb25b0)
	github.com/crowdsecurity/crowdsec/pkg/parser/enrich_geoip.go:77 +0x745
github.com/crowdsecurity/crowdsec/pkg/parser.(*Node).ProcessStatics(0xc000fc8be8, {0xc0005ad688?, 0x2178ff7?, 0x4?}, 0xc0010e8300)
	github.com/crowdsecurity/crowdsec/pkg/parser/runtime.go:158 +0xbac
github.com/crowdsecurity/crowdsec/pkg/parser.(*Node).process(0xc000fc8be8, 0xc0010e8300, {{0x0, 0x0}, {0xc000b9acc0, 0x3, 0x4}, 0x1, {0xc000b0c618, 0x16}}, ...)
	github.com/crowdsecurity/crowdsec/pkg/parser/node.go:402 +0x15c5
github.com/crowdsecurity/crowdsec/pkg/parser.Parse({{, }, {, , }, , {, }}, {0x0, 0x0, ...}, ...)
	github.com/crowdsecurity/crowdsec/pkg/parser/runtime.go:333 +0x1056
main.runParse(0xc000a26240, 0xc000a261e0, {{0x0, 0x0}, {0xc000b9acc0, 0x3, 0x4}, 0x1, {0xc000b0c618, 0x16}}, ...)
	github.com/crowdsecurity/crowdsec/cmd/crowdsec/parse.go:39 +0x3ff
main.runCrowdsec.func1.1()
	github.com/crowdsecurity/crowdsec/cmd/crowdsec/crowdsec.go:80 +0xd2
gopkg.in/tomb%2ev2.(*Tomb).run(0x38f2900, 0x0?)
	gopkg.in/tomb.v2@v2.0.0-20161208151619-d5d1b5820637/tomb.go:163 +0x2b
created by gopkg.in/tomb%2ev2.(*Tomb).Go in goroutine 260
	gopkg.in/tomb.v2@v2.0.0-20161208151619-d5d1b5820637/tomb.go:159 +0xe5
```

What did you expect to happen?

I want it to work normally.

How can we reproduce it (as minimally and precisely as possible)?

I have the following collections and parsers:

```console
hub/collections/crowdsecurity/windows.yaml:4:  - crowdsecurity/geoip-enrich
hub/collections/crowdsecurity/linux.yaml:3:  - crowdsecurity/geoip-enrich
hub/collections/crowdsecurity/linux.yaml:7:description: "core linux support : syslog+geoip+ssh"
hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml:2:name: crowdsecurity/geoip-enrich
```

Anything else we need to know?

No response

Crowdsec version

```console
version: v1.6.2-debian-pragmatic-amd64-7d6514c7
Codename: alphaga
BuildDate: 2024-05-30_15:01:50
GoVersion: 1.22.2
Platform: linux
libre2: C++
User-Agent: crowdsec/v1.6.2-debian-pragmatic-amd64-7d6514c7-linux
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0
```

OS version

```console
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Linux ahriman 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64 GNU/Linux
```

Enabled collections and parsers


Acquisition config

```console
# On Linux:
#Generated acquisition file - wizard.sh (service: apache2) / files : /var/log/apache2/access.log /var/log/apache2/error.log /var/log/apache2/other_vhosts_access.log
filenames:
  - /var/log/apache2/access.log
  - /var/log/apache2/error.log
  - /var/log/apache2/other_vhosts_access.log
labels:
  type: apache2
---
#Generated acquisition file - wizard.sh (service: ssh) / files : /var/log/auth.log
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
#Generated acquisition file - wizard.sh (service: smb) / files :
journalctl_filter:
  - _SYSTEMD_UNIT=smb.service
labels:
  type: smb
---
#Generated acquisition file - wizard.sh (service: linux) / files : /var/log/syslog /var/log/kern.log
filenames:
  - /var/log/syslog
  - /var/log/kern.log
labels:
  type: syslog
---
cat: '/etc/crowdsec/acquis.d/*': No existe el fichero o el directorio
```

Config show

```console
Global:
   - Configuration Folder   : /etc/crowdsec
   - Data Folder            : /var/lib/crowdsec/data
   - Hub Folder             : /etc/crowdsec/hub
   - Simulation File        : /etc/crowdsec/simulation.yaml
   - Log Folder             : /var/log
   - Log level              : info
   - Log Media              : file
Crowdsec:
  - Acquisition File        : /etc/crowdsec/acquis.yaml
  - Parsers routines        : 1
  - Acquisition Folder      : /etc/crowdsec/acquis.d
cscli:
  - Output                  : human
  - Hub Branch              :
API Client:
  - URL                     : http://127.0.0.1:8081/
  - Login                   : c9fe442db8c951351be901de52336b17M63ai2XBu8UbuMOc
  - Credentials File        : /etc/crowdsec/local_api_credentials.yaml
Local API Server:
  - Listen URL              : 127.0.0.1:8081
  - Listen Socket           :
  - Profile File            : /etc/crowdsec/profiles.yaml
  - Trusted IPs:
      - 127.0.0.1
      - ::1
  - Database:
      - Type                : sqlite
      - Path                : /var/lib/crowdsec/data/crowdsec.db
      - Flush age           : 7d
      - Flush size          : 5000
```

Prometheus metrics

```console
FATA failed to fetch metrics: executing GET request for URL "http://127.0.0.1:6060/metrics" failed: Get "http://127.0.0.1:6060/metrics": dial tcp 127.0.0.1:6060: connect: connection refused
```

Related custom configs versions (if applicable): notification plugins, custom scenarios, parsers etc.

My firewall has stopped and upon checking the decision list, it rejects it.

```console
hub/collections/crowdsecurity/windows.yaml:4:  - crowdsecurity/geoip-enrich
hub/collections/crowdsecurity/linux.yaml:3:  - crowdsecurity/geoip-enrich
hub/collections/crowdsecurity/linux.yaml:7:description: "core linux support : syslog+geoip+ssh"
hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml:2:name: crowdsecurity/geoip-enrich
```

github-actions[bot] commented 4 months ago

@bmendezlut: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.
blotus commented 4 months ago

Hello,

I've opened a PR with a fix.

For now, I've removed the 1.6.2 release from our repositories to avoid further issues. You can install 1.6.1 again, and we'll publish a new version most likely tomorrow (it will likely be tagged 1.6.2).

For our testing, do you happen to know which IP triggered the crash? Looking at the code, it can happen if the geoip databases are not set up properly (likely not your case as you have the proper parser), or if we cannot find anything about the IP in the geoip database.
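The crash in the trace is a one-value type assertion on a nil `interface{}`. The following is an added example, not code from CrowdSec or from this thread: `City` stands in for `geoip2.City` (assumed, so nothing needs to be downloaded), `cache` is a constructed map standing in for an enrichment cache, and the two `enrich` functions contrast the pattern that panics with the two-value assertion that degrades to an error.

```go
package main

import (
	"errors"
	"fmt"
)

// City is a stand-in for geoip2.City (assumption: the real type lives in
// github.com/oschwald/geoip2-golang and is not imported here). Only the one
// field the example reads is modelled.
type City struct {
	CountryISO string
}

// cache is a constructed stand-in for an enrichment cache holding
// interface{} values. A lookup that failed earlier (corrupt database,
// unknown IP) may have stored a nil interface, which is exactly the value
// that makes a one-value type assertion panic with
// "interface conversion: interface {} is nil".
var cache = map[string]interface{}{
	"203.0.113.7":  &City{CountryISO: "FR"}, // constructed sample entry
	"198.51.100.9": nil,                     // constructed: lookup failed earlier
}

// enrichUnsafe reproduces the failing pattern: it trusts that the cached
// value is always a *City. On a nil entry (or a missing key) this panics
// and, inside a daemon, takes the whole parser goroutine down with it.
func enrichUnsafe(ip string) string {
	city := cache[ip].(*City) // panics when cache[ip] is nil or absent
	return city.CountryISO
}

// enrichSafe uses the two-value assertion and degrades gracefully: the
// event is left unenriched and an error is returned for logging instead of
// crashing the process. The explicit nil check also covers a typed nil
// pointer that was stored on purpose.
func enrichSafe(ip string) (string, error) {
	city, ok := cache[ip].(*City)
	if !ok || city == nil {
		return "", fmt.Errorf("no geoip data for %s", ip)
	}
	return city.CountryISO, nil
}

// safely converts a panic raised by fn into an error so the unsafe variant
// can be demonstrated without killing the program.
func safely(fn func()) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = errors.New(fmt.Sprint(r))
		}
	}()
	fn()
	return nil
}

func main() {
	fmt.Println("unsafe:", safely(func() { enrichUnsafe("198.51.100.9") }))
	iso, err := enrichSafe("198.51.100.9")
	fmt.Println("safe:", iso, err)
}
```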

bmendezlut commented 4 months ago

Thank you. I am not sure which IP might have caused the crash, how can I find it? Searching through the CrowdSec logs, I found the following:

```console
time="2024-05-30T13:30:32-06:00" level=error msg="unable to open GeoLite2-City.mmdb : error opening database: invalid MaxMind DB file"
time="2024-05-30T13:30:32-06:00" level=warning msg="unable to initialize GeoIP: error opening database: invalid MaxMind DB
```

The GeoLite2-City.mmdb file is in hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml and it references https://hub-data.crowdsec.net/mmdb/GeoLite2-City.mmdb. I hope this is helpful.

blotus commented 4 months ago

Hello,

After investigating a bit more, the issue seems to only happen when you have a corrupted maxmind DB.

Could you upload the /var/lib/crowdsec/data/GeoLite2-City.mmdb file somewhere so we can have a look at the content?

Do you see the `unable to open GeoLite2-City.mmdb : error opening database: invalid MaxMind DB file` message in the logs prior to the upgrade? This would help us understand if the file got corrupted before or after the upgrade.

bmendezlut commented 4 months ago

The log message `unable to open GeoLite2-City.mmdb: error opening database: invalid MaxMind DB file` appeared after the update, and it happened on 3 computers. When I reverted to CrowdSec version 1.6.1, it worked normally without any other changes. I created a repository with the 3 files from the 3 computers: https://github.com/bmendezlut/GeoLite2-City.mmdb.

blotus commented 4 months ago

The 3 databases are corrupted and are way smaller than they should be: they are all around 7 MB (each with a different size) but they should be around 60 MB. Do your machines use a proxy or something like this to access the internet? Or do they have a "slow" internet connection?
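A quick integrity check for the truncated database described above, as an added example that is not CrowdSec's code: it applies a size floor and then looks for the metadata marker that every MaxMind DB file carries near its end, which is what a reader cannot find when a download stops early. The 50 MB floor and the data path in `main` are assumptions taken from this thread; `checkMMDB` and `tailHasMarker` are hypothetical names.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"os"
)

// metadataMarker precedes the metadata section of every MaxMind DB file.
// Readers locate it by scanning the last 128 KiB of the file backwards; a
// download that stopped early never contains it.
var metadataMarker = []byte("\xab\xcd\xefMaxMind.com")

// markerWindow is the tail region in which readers look for the marker.
const markerWindow = 128 * 1024

// tailHasMarker reports whether the given tail bytes contain the metadata
// marker. It is separated from the file handling so it can be exercised on
// constructed input.
func tailHasMarker(tail []byte) bool {
	return bytes.LastIndex(tail, metadataMarker) >= 0
}

// checkMMDB inspects an on-disk database. It rejects files smaller than
// minSize (an operator-chosen floor; the thread above gives ~60 MB for a
// healthy GeoLite2-City.mmdb and ~7 MB for the corrupt copies) and then
// verifies the metadata marker is present within the last 128 KiB.
func checkMMDB(path string, minSize int64) error {
	f, err := os.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return err
	}
	if info.Size() < minSize {
		return fmt.Errorf("%s: size %d bytes is below the %d byte minimum", path, info.Size(), minSize)
	}
	start := info.Size() - markerWindow
	if start < 0 {
		start = 0
	}
	tail := make([]byte, int(info.Size()-start))
	if _, err := f.ReadAt(tail, start); err != nil && err != io.EOF {
		return err
	}
	if !tailHasMarker(tail) {
		return fmt.Errorf("%s: metadata marker not found, file is truncated or corrupt", path)
	}
	return nil
}

func main() {
	// Assumed default location from this thread; pass another path as argv[1].
	path := "/var/lib/crowdsec/data/GeoLite2-City.mmdb"
	if len(os.Args) > 1 {
		path = os.Args[1]
	}
	if err := checkMMDB(path, 50*1024*1024); err != nil {
		fmt.Println("FAIL:", err)
		os.Exit(1)
	}
	fmt.Println("OK:", path)
}
```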

bmendezlut commented 4 months ago

No, I do not use any proxy or anything like that, and the internet is good, it's 500 megabytes. Sometimes it has packet loss, but it is very rare when that happens.