search

crowdsecurity / opnsense-plugin-crowdsec

OPNsense plugin for CrowdSec
MIT License
69 stars 5 forks source link

crowdsec fails to start after setting WAL mode for sqlite #36

Closed cookiemonsteruk closed 1 year ago

cookiemonsteruk commented 1 year ago

Hello. Versions first: root@OPNsense:/var/log/crowdsec # crowdsec --version

2023/02/13 15:48:29 version: v1.4.3-8a738f5b
2023/02/13 15:48:29 Codename: alphaga
2023/02/13 15:48:29 BuildDate: 2023-01-17_05:40:24
2023/02/13 15:48:29 GoVersion: 1.19.5
2023/02/13 15:48:29 Platform: freebsd
2023/02/13 15:48:29 Constraint_parser: >= 1.0, <= 2.0
2023/02/13 15:48:29 Constraint_scenario: >= 1.0, < 3.0
2023/02/13 15:48:29 Constraint_api: v1
2023/02/13 15:48:29 Constraint_acquis: >= 1.0, < 2.0

I am running crowdsec as a LAPI on my OPNSense firewall. One remote agent reports to it from the internal LAN, alongside the protection for the OPN firewall. I noticed a lack of alerts on the console app.crowdsec.net being logged so I started looking for clues. I expect some alerts to be logged but they seem to have stopped a few months ago. That is a separate issue to investigated. On OPN the crowdsec logfiles contained a new notice: "WARN[13-02-2023 03:36:57 PM] You are using sqlite without WAL, this can have an impact of performance. If you do not store the database in a network share, set db_config.use_wal to true. Set explicitly to false to disable this warning." I decided to enable the option and set db_config.use_wal: true in /usr/local/etc/crowdsec/config.yaml Following a restart of crowdsec to reload the config file for the change to take effect, the error appears:

time="13-02-2023 15:39:20" level=info msg="Killing parser routines"
time="13-02-2023 15:39:21" level=info msg="Bucket routine exiting"
time="13-02-2023 15:39:22" level=info msg="serve: shutting down api server"
time="13-02-2023 15:39:22" level=info msg="pluginTomb dying"
time="13-02-2023 15:39:22" level=info msg="killing all plugins"
time="13-02-2023 15:39:22" level=info msg="push tomb is dying, sending cache (0 elements) before exiting"
time="13-02-2023 15:39:22" level=warning msg="QueryExpiredDecisionsSinceWithFilters : sql: database is closed"
time="13-02-2023 15:39:22" level=error msg="unable to query expired decision for 'mercury' : expired decisions with filters: unable to query"
time="13-02-2023 15:39:22" level=warning msg="Crowdsec service shutting down"

I proceeded to then change to db_config.use_wal: false to just silence the warning, assuming maybe my version doesn't know how to handle the option but now it does not start either. The error is the same for db setting to true or false.

LaurenceJJones commented 1 year ago

Could you make sure the format is like this

db_config:
  use_wal: true
cookiemonsteruk commented 1 year ago

Could you make sure the format is like this

db_config:
  use_wal: true

Yes, that has allowed the setting. Thanks!