CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
Just installed Crowdsec for Caddy.
Everything seems to work fine
I triggered myself from a VPN IP an alert by scanning manually several sensitive files, and I got banned as expected :
tom@cerbere:/opt/crowdsec/config$ docker exec crowdsec cscli decisions list
+-------+----------+------------------+------------------------------------+--------+---------+---------------------------------------+--------+------------+----------+
| ID | Source | Scope:Value | Reason | Action | Country | AS | Events | expiration | Alert ID |
+-------+----------+------------------+------------------------------------+--------+---------+---------------------------------------+--------+------------+----------+
| 84721 | crowdsec | Ip:45.134.79.139 | crowdsecurity/http-sensitive-files | ban | FR | 39486 HostRoyale Technologies Pvt Ltd | 6 | 2h49m26s | 8 |
+-------+----------+------------------+------------------------------------+--------+---------+---------------------------------------+--------+------------+----------+
tom@cerbere:/opt/crowdsec/config$ docker exec crowdsec cscli alerts list
+----+------------------+------------------------------------+---------+---------------------------------------+-----------+-----------------------------------------+
| ID | value | reason | country | as | decisions | created_at |
+----+------------------+------------------------------------+---------+---------------------------------------+-----------+-----------------------------------------+
| 8 | Ip:45.134.79.139 | crowdsecurity/http-sensitive-files | FR | 39486 HostRoyale Technologies Pvt Ltd | ban:1 | 2024-10-19 16:04:34.205253523 +0000 UTC |
+----+------------------+------------------------------------+---------+---------------------------------------+-----------+-----------------------------------------+
Prometheus seems to retrieve correctly most of crowdsec metrics :
However I dont get any metric cs_lapi_decision
According to me I should have received it as there is an active decision on-going.
This prevent me to add a list of banned IPs and their Geomap in Grafana, which probably the most important information.
Is there something I missed?
What did you expect to happen?
Get metric data cs_lapi_decision
How can we reproduce it (as minimally and precisely as possible)?
```console
# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here
# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here
```
Enabled collections and parsers
```console
$ cscli hub list -o raw
# paste output here
```
Acquisition config
```console
# On Linux:
$ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/*
# paste output here
# On Windows:
C:\> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
# paste output here
Config show
```console
$ cscli config show
# paste output here
```
Prometheus metrics
```console
$ cscli metrics
# paste output here
```
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.
Check Releases to make sure your agent is on the latest version.
Details
I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.
What happened?
Just installed Crowdsec for Caddy. Everything seems to work fine I triggered myself from a VPN IP an alert by scanning manually several sensitive files, and I got banned as expected :
Prometheus seems to retrieve correctly most of crowdsec metrics :
However I dont get any metric cs_lapi_decision According to me I should have received it as there is an active decision on-going. This prevent me to add a list of banned IPs and their Geomap in Grafana, which probably the most important information.
Is there something I missed?
What did you expect to happen?
Get metric data cs_lapi_decision
How can we reproduce it (as minimally and precisely as possible)?
I dont know
Anything else we need to know?
No response
Crowdsec version
OS version
Enabled collections and parsers
Acquisition config
Config show
Prometheus metrics
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.