crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
8.92k stars 464 forks

Missing metric cs_lapi_decision #3290

Open DuvelCorp opened 2 hours ago

DuvelCorp commented 2 hours ago

What happened?

Just installed Crowdsec for Caddy. Everything seems to work fine. I triggered an alert myself from a VPN IP by manually scanning several sensitive files, and I got banned as expected:


```console
tom@cerbere:/opt/crowdsec/config$ docker exec crowdsec cscli decisions list
+-------+----------+------------------+------------------------------------+--------+---------+---------------------------------------+--------+------------+----------+
|   ID  |  Source  |    Scope:Value   |               Reason               | Action | Country |                   AS                  | Events | expiration | Alert ID |
+-------+----------+------------------+------------------------------------+--------+---------+---------------------------------------+--------+------------+----------+
| 84721 | crowdsec | Ip:45.134.79.139 | crowdsecurity/http-sensitive-files | ban    | FR      | 39486 HostRoyale Technologies Pvt Ltd | 6      | 2h49m26s   | 8        |
+-------+----------+------------------+------------------------------------+--------+---------+---------------------------------------+--------+------------+----------+

tom@cerbere:/opt/crowdsec/config$ docker exec crowdsec cscli alerts list
+----+------------------+------------------------------------+---------+---------------------------------------+-----------+-----------------------------------------+
| ID |       value      |               reason               | country |                   as                  | decisions |                created_at               |
+----+------------------+------------------------------------+---------+---------------------------------------+-----------+-----------------------------------------+
| 8  | Ip:45.134.79.139 | crowdsecurity/http-sensitive-files | FR      | 39486 HostRoyale Technologies Pvt Ltd | ban:1     | 2024-10-19 16:04:34.205253523 +0000 UTC |
+----+------------------+------------------------------------+---------+---------------------------------------+-----------+-----------------------------------------+
```

Prometheus seems to correctly retrieve most of the crowdsec metrics.

However, I don't get any metric cs_lapi_decision. According to me, I should have received it, as there is an active decision ongoing. This prevents me from adding a list of banned IPs and their Geomap in Grafana, which is probably the most important information.

Is there something I missed?

What did you expect to happen?

Get metric data cs_lapi_decision

How can we reproduce it (as minimally and precisely as possible)?

I don't know

Anything else we need to know?

No response

Crowdsec version

```console
version: v1.6.3-4851945a
Codename: alphaga
BuildDate: 2024-09-12_09:39:08
GoVersion: 1.22.6
Platform: docker
libre2: C++
User-Agent: crowdsec/v1.6.3-4851945a-docker
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0
```

OS version

```console
# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here
```

Enabled collections and parsers

```console
$ cscli hub list -o raw
# paste output here
```

Acquisition config

```console
# On Linux:
$ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/*
# paste output here

# On Windows:
C:\> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
# paste output here
```

Config show

```console
$ cscli config show
# paste output here
```

Prometheus metrics

```console
$ cscli metrics
# paste output here
```

Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.

github-actions[bot] commented 2 hours ago

@DuvelCorp: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.