Fixed by myself, deleted directory and created a new captcha 
1 Like
docker logs Crowdsec shows
sqlite is not using WAL mode
the Crowdsec doc say it would be ok to add
use_wal: true
to db_conig in user_yaml
Will this be ok, here?
1 Like
I have not seen that before. Please try it
1 Like
Accept the enrollment on crowdsec console
1 Like
I did enroll and accepted it, it is shown on the ui. I do not see any alerts.
The decision list is empty.
oot@ubuntu-4gb-nbg1-2:~# docker exec -it crowdsec cscli metrics
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Acquisition Metrics โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโค
โ Source โ Lines read โ Lines parsed โ Lines unparsed โ Lines poured to bucket โ Lines whitelisted โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโค
โ file:/var/log/traefik/access.log โ 95 โ 95 โ - โ 74 โ - โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโฏ
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Local API Decisions โ
โโโโโโโโโโโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโค
โ Reason โ Origin โ Action โ Count โ
โโโโโโโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโโโผโโโโโโโโค
โ ssh:bruteforce โ CAPI โ ban โ 2699 โ
โ http:bruteforce โ CAPI โ ban โ 1432 โ
โ http:crawl โ CAPI โ ban โ 646 โ
โ http:exploit โ CAPI โ ban โ 8977 โ
โ http:scan โ CAPI โ ban โ 2546 โ
โฐโโโโโโโโโโโโโโโโโโดโโโโโโโโโดโโโโโโโโโดโโโโโโโโฏ
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Local API Metrics โ
โโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโฌโโโโโโโค
โ Route โ Method โ Hits โ
โโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ /v1/allowlists โ GET โ 21 โ
โ /v1/heartbeat โ GET โ 20 โ
โ /v1/usage-metrics โ POST โ 1 โ
โ /v1/watchers/login โ POST โ 1 โ
โฐโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโดโโโโโโโฏ
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Local API Machines Metrics โ
โโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโฌโโโโโโโโโฌโโโโโโโค
โ Machine โ Route โ Method โ Hits โ
โโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโค
โ localhost โ /v1/allowlists โ GET โ 21 โ
โ localhost โ /v1/heartbeat โ GET โ 20 โ
โฐโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโดโโโโโโโโโดโโโโโโโฏ
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Parser Metrics โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโฌโโโโโโโโโฌโโโโโโโโโโโค
โ Parsers โ Hits โ Parsed โ Unparsed โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโผโโโโโโโโโผโโโโโโโโโโโค
โ child-crowdsecurity/http-logs โ 285 โ 230 โ 55 โ
โ child-crowdsecurity/traefik-logs โ 190 โ 95 โ 95 โ
โ crowdsecurity/dateparse-enrich โ 95 โ 95 โ - โ
โ crowdsecurity/geoip-enrich โ 95 โ 95 โ - โ
โ crowdsecurity/http-logs โ 95 โ 95 โ - โ
โ crowdsecurity/non-syslog โ 95 โ 95 โ - โ
โ crowdsecurity/public-dns-allowlist โ 95 โ 95 โ - โ
โ crowdsecurity/traefik-logs โ 95 โ 95 โ - โ
โ crowdsecurity/whitelists โ 95 โ 95 โ - โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโดโโโโโโโโโดโโโโโโโโโโโฏ
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Scenario Metrics โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโโโค
โ Scenario โ Current Count โ Overflows โ Instantiated โ Poured โ Expired โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโผโโโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโโโโค
โ crowdsecurity/http-crawl-non_statics โ 2 โ - โ 18 โ 43 โ 16 โ
โ crowdsecurity/http-probing โ 2 โ - โ 6 โ 29 โ 4 โ
โ crowdsecurity/http-sensitive-files โ - โ - โ 1 โ 2 โ 1 โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโดโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโดโโโโโโโโโโฏ
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Whitelist Metrics โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโฌโโโโโโโโโโโโโโค
โ Whitelist โ Reason โ Hits โ Whitelisted โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโผโโโโโโโโโโโโโโค
โ crowdsecurity/public-dns-allowlist โ public DNS server โ 95 โ - โ
โ crowdsecurity/whitelists โ private ipv4/ipv6 ip/ranges โ 95 โ - โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโดโโโโโโโโโโโโโโฏ
root@ubuntu-4gb-nbg1-2:~#
I do not find the error
1 Like
Apply the crowdsec middleware to a resource using the middleware manager
You should see some entries like this in resources-override.yml
10-router-auth:
entryPoints:
- websecure
middlewares:
- crowdsec@file
- badger@http
priority: 100
rule: "Host(`YOUR_RESOURCE_DOMAIN`)"
service: "10-service@http"
tls:
certResolver: "letsencrypt"
If not the crowdsec isnโt applied to your incoming routers
1 Like
I canโt access the MM dashboard. The following error message appears in the log, but unfortunately I donโt understand it with my limited abilities.
Initial resource check failed: failed to fetch resources: HTTP request failed: Get โ``http://pangolin:3001/api/v1/traefik-configโ:`` dial tcp 172.18.0.4:3001: connect: connection refused
Pangolin logs show api is started
2025-12-01T10:54:43+00:00 [info]: API server is running on http://localhost:3000
2025-12-01T10:54:43+00:00 [info]: Internal server is running on http://localhost:3001
After some minutes of wait, dashboard is reachable, I try
1 Like
Thank you for your patience and support.
I added the crowdsec bouncer to one resource, traefik dashboard shows the added middleware and no errors.
I added my IP, Step 14. Can see it in the decision list. The IP is not blocked, can access the resource
7-Calibre-router-auth-auth:
entryPoints:
- websecure
middlewares:
- crowdsec@file
- badger@http
priority: 100
rule: "Host(`xxxxxxxxxx`)"
service: "7-Calibre-service@http"
tls:
certResolver: "letsencrypt"
1 Like
its an overide file, its a separation from the main router/middleware we have to do to keep a track, what is your issue with it, anywhere it is causing a problem??
thankyou for explanation. Can I get rid off this override, please
1 Like
@hhf.technoloy Today I look at my logs, docker log crowdsec shows
/var/lib/crowdsec/data was found in a volume
Local agent already registered
Check if lapi needs to register an additional agent
Error: cscli console enroll: could not enroll instance: Post "https://api.crowdsec.net/v3/watchers/enroll": API error: Forbidden
I read the announcements from crowdsec and pangolin, edited the docker-compose.yml as mentioned.
It did not solve the problem, do I have to enroll a new engine or do I have to wait?
1 Like
I sent a mail to crowdsec and it took some time and it is working again.
1 Like
It was an issue on their(crowdsec) end and pangolinโs
does this point needs an update with
healthcheck:
test:
- CMD
- cscli
- lapi
- status
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
1 Like
Yes it needs. I will tell the the mod to update it.
Thatโs update now. Thank you
1 Like
Hi,
Thank you for the very helpful guide. I am currently installing Pangolin on Oracle VPS. I am getting the error at cscli hub update
How can I rectify the error?
Error is :
Error: cscli hub update: unable to retrieve latest crowdsec version: unable to send request to ``https://version.crowdsec.net/latest:`` Get โ``https://version.crowdsec.net/latestโ:`` dial tcp: lookup ``version.crowdsec.net`` on 169.254.169.254:53: read udp 172.17.0.2:32805->169.254.169.254:53: read: connection refused
1 Like
Use docker exec crowdsec cscli hub update