Appsec not working?

urbaman · February 25, 2026, 11:17am

Hi,

I’m trying to see if Appsec is working or not (cannot see any alerts triggered by appsec).

sudo cscli appsec-configs list
──────────────────────────────────────────────────────────────────────────────────────────────────────────
 APPSEC-CONFIGS
──────────────────────────────────────────────────────────────────────────────────────────────────────────
 Name                            📦 Status    Version  Local Path
──────────────────────────────────────────────────────────────────────────────────────────────────────────
 crowdsecurity/appsec-default    ✔️  enabled  0.4      /etc/crowdsec/appsec-configs/appsec-default.yaml
 crowdsecurity/crs               ✔️  enabled  0.3      /etc/crowdsec/appsec-configs/crs.yaml
 crowdsecurity/generic-rules     ✔️  enabled  0.4      /etc/crowdsec/appsec-configs/generic-rules.yaml
 crowdsecurity/virtual-patching  ✔️  enabled  0.4      /etc/crowdsec/appsec-configs/virtual-patching.yaml
─────────────────────────────────────────────────────────────────────────────────────────────────────────

sudo cscli appsec-rules list
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 APPSEC-RULES
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 Name                                             📦 Status    Version  Local Path
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 crowdsecurity/appsec-generic-test                ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/appsec-generic-test.yaml
 crowdsecurity/base-config                        ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/base-config.yaml
 crowdsecurity/crs                                ✔️  enabled  0.5      /etc/crowdsec/appsec-rules/crs.yaml
 crowdsecurity/crs-exclusion-plugin-wordpress     ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/crs-exclusion-plugin-wordpress.yaml
 crowdsecurity/experimental-no-user-agent         ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/experimental-no-user-agent.yaml
 crowdsecurity/generic-freemarker-ssti            ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/generic-freemarker-ssti.yaml
 crowdsecurity/generic-wordpress-uploads-listing  ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/generic-wordpress-uploads-listing.yaml
 crowdsecurity/generic-wordpress-uploads-php      ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/generic-wordpress-uploads-php.yaml
 crowdsecurity/vpatch-connectwise-auth-bypass     ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-connectwise-auth-bypass.yaml
 crowdsecurity/vpatch-CVE-2002-1131               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2002-1131.yaml
 crowdsecurity/vpatch-CVE-2007-0885               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2007-0885.yaml
 crowdsecurity/vpatch-CVE-2017-9841               ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2017-9841.yaml
 crowdsecurity/vpatch-CVE-2018-1000861            ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2018-1000861.yaml
 crowdsecurity/vpatch-CVE-2018-10562              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2018-10562.yaml
 crowdsecurity/vpatch-CVE-2018-11511              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2018-11511.yaml
 crowdsecurity/vpatch-CVE-2018-1207               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2018-1207.yaml
 crowdsecurity/vpatch-CVE-2018-13317              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2018-13317.yaml
 crowdsecurity/vpatch-CVE-2018-13379              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2018-13379.yaml
 crowdsecurity/vpatch-CVE-2018-20062              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2018-20062.yaml
 crowdsecurity/vpatch-CVE-2019-1003030            ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2019-1003030.yaml
 crowdsecurity/vpatch-CVE-2019-12989              ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2019-12989.yaml
 crowdsecurity/vpatch-CVE-2019-18935              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2019-18935.yaml
 crowdsecurity/vpatch-CVE-2019-18952              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2019-18952.yaml
 crowdsecurity/vpatch-CVE-2019-5418               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2019-5418.yaml
 crowdsecurity/vpatch-CVE-2019-7276               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2019-7276.yaml
 crowdsecurity/vpatch-CVE-2019-9762               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2019-9762.yaml
 crowdsecurity/vpatch-CVE-2020-10987              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2020-10987.yaml
 crowdsecurity/vpatch-CVE-2020-11738              ✔️  enabled  0.6      /etc/crowdsec/appsec-rules/vpatch-CVE-2020-11738.yaml
 crowdsecurity/vpatch-CVE-2020-13640              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2020-13640.yaml
 crowdsecurity/vpatch-CVE-2020-17496              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2020-17496.yaml
 crowdsecurity/vpatch-CVE-2020-25078              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2020-25078.yaml
 crowdsecurity/vpatch-CVE-2020-5902               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2020-5902.yaml
 crowdsecurity/vpatch-CVE-2020-8656               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2020-8656.yaml
 crowdsecurity/vpatch-CVE-2020-9054               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2020-9054.yaml
 crowdsecurity/vpatch-CVE-2021-22941              ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-22941.yaml
 crowdsecurity/vpatch-CVE-2021-25281              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-25281.yaml
 crowdsecurity/vpatch-CVE-2021-26072              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-26072.yaml
 crowdsecurity/vpatch-CVE-2021-26086              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-26086.yaml
 crowdsecurity/vpatch-CVE-2021-26294              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-26294.yaml
 crowdsecurity/vpatch-CVE-2021-3129               ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-3129.yaml
 crowdsecurity/vpatch-CVE-2021-32478              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-32478.yaml
 crowdsecurity/vpatch-CVE-2021-34427              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-34427.yaml
 crowdsecurity/vpatch-CVE-2021-43798              ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-43798.yaml
 crowdsecurity/vpatch-CVE-2021-44529              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2021-44529.yaml
 crowdsecurity/vpatch-CVE-2022-1388               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-1388.yaml
 crowdsecurity/vpatch-CVE-2022-22954              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-22954.yaml
 crowdsecurity/vpatch-CVE-2022-22965              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-22965.yaml
 crowdsecurity/vpatch-CVE-2022-24086              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-24086.yaml
 crowdsecurity/vpatch-CVE-2022-25322              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-25322.yaml
 crowdsecurity/vpatch-CVE-2022-25488              ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-25488.yaml
 crowdsecurity/vpatch-CVE-2022-26134              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-26134.yaml
 crowdsecurity/vpatch-CVE-2022-27926              ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-27926.yaml
 crowdsecurity/vpatch-CVE-2022-31499              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-31499.yaml
 crowdsecurity/vpatch-CVE-2022-35914              ✔️  enabled  0.5      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-35914.yaml
 crowdsecurity/vpatch-CVE-2022-38627              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-38627.yaml
 crowdsecurity/vpatch-CVE-2022-41082              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-41082.yaml
 crowdsecurity/vpatch-CVE-2022-44877              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-44877.yaml
 crowdsecurity/vpatch-CVE-2022-46169              ✔️  enabled  0.5      /etc/crowdsec/appsec-rules/vpatch-CVE-2022-46169.yaml
 crowdsecurity/vpatch-CVE-2023-0297               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-0297.yaml
 crowdsecurity/vpatch-CVE-2023-0600               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-0600.yaml
 crowdsecurity/vpatch-CVE-2023-0900               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-0900.yaml
 crowdsecurity/vpatch-CVE-2023-1389               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-1389.yaml
 crowdsecurity/vpatch-CVE-2023-2009               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-2009.yaml
 crowdsecurity/vpatch-CVE-2023-20198              ✔️  enabled  0.6      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-20198.yaml
 crowdsecurity/vpatch-CVE-2023-22515              ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-22515.yaml
 crowdsecurity/vpatch-CVE-2023-22527              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-22527.yaml
 crowdsecurity/vpatch-CVE-2023-23063              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-23063.yaml
 crowdsecurity/vpatch-CVE-2023-23488              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-23488.yaml
 crowdsecurity/vpatch-CVE-2023-23489              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-23489.yaml
 crowdsecurity/vpatch-CVE-2023-23752              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-23752.yaml
 crowdsecurity/vpatch-CVE-2023-24489              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-24489.yaml
 crowdsecurity/vpatch-CVE-2023-28121              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-28121.yaml
 crowdsecurity/vpatch-CVE-2023-3169               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-3169.yaml
 crowdsecurity/vpatch-CVE-2023-33617              ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-33617.yaml
 crowdsecurity/vpatch-CVE-2023-34362              ✔️  enabled  0.6      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-34362.yaml
 crowdsecurity/vpatch-CVE-2023-35078              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-35078.yaml
 crowdsecurity/vpatch-CVE-2023-35082              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-35082.yaml
 crowdsecurity/vpatch-CVE-2023-3519               ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-3519.yaml
 crowdsecurity/vpatch-CVE-2023-38205              ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-38205.yaml
 crowdsecurity/vpatch-CVE-2023-40044              ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-40044.yaml
 crowdsecurity/vpatch-CVE-2023-42793              ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-42793.yaml
 crowdsecurity/vpatch-CVE-2023-4634               ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-4634.yaml
 crowdsecurity/vpatch-CVE-2023-46805              ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-46805.yaml
 crowdsecurity/vpatch-CVE-2023-47218              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-47218.yaml
 crowdsecurity/vpatch-CVE-2023-49070              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-49070.yaml
 crowdsecurity/vpatch-CVE-2023-50164              ✔️  enabled  0.6      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-50164.yaml
 crowdsecurity/vpatch-CVE-2023-6000               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-6000.yaml
 crowdsecurity/vpatch-CVE-2023-6360               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-6360.yaml
 crowdsecurity/vpatch-CVE-2023-6553               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-6553.yaml
 crowdsecurity/vpatch-CVE-2023-6567               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-6567.yaml
 crowdsecurity/vpatch-CVE-2023-6623               ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-6623.yaml
 crowdsecurity/vpatch-CVE-2023-7028               ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2023-7028.yaml
 crowdsecurity/vpatch-CVE-2024-0012               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-0012.yaml
 crowdsecurity/vpatch-CVE-2024-0204               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-0204.yaml
 crowdsecurity/vpatch-CVE-2024-1061               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-1061.yaml
 crowdsecurity/vpatch-CVE-2024-1071               ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-1071.yaml
 crowdsecurity/vpatch-CVE-2024-1212               ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-1212.yaml
 crowdsecurity/vpatch-CVE-2024-22024              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-22024.yaml
 crowdsecurity/vpatch-CVE-2024-23897              ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-23897.yaml
 crowdsecurity/vpatch-CVE-2024-27198              ✔️  enabled  0.5      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-27198.yaml
 crowdsecurity/vpatch-CVE-2024-27292              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-27292.yaml
 crowdsecurity/vpatch-CVE-2024-27348              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-27348.yaml
 crowdsecurity/vpatch-CVE-2024-27564              ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-27564.yaml
 crowdsecurity/vpatch-CVE-2024-27954              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-27954.yaml
 crowdsecurity/vpatch-CVE-2024-27956              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-27956.yaml
 crowdsecurity/vpatch-CVE-2024-28255              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-28255.yaml
 crowdsecurity/vpatch-CVE-2024-2862               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-2862.yaml
 crowdsecurity/vpatch-CVE-2024-28987              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-28987.yaml
 crowdsecurity/vpatch-CVE-2024-29028              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-29028.yaml
 crowdsecurity/vpatch-CVE-2024-29824              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-29824.yaml
 crowdsecurity/vpatch-CVE-2024-29849              ✔️  enabled  0.5      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-29849.yaml
 crowdsecurity/vpatch-CVE-2024-29973              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-29973.yaml
 crowdsecurity/vpatch-CVE-2024-32113              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-32113.yaml
 crowdsecurity/vpatch-CVE-2024-3272               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-3272.yaml
 crowdsecurity/vpatch-CVE-2024-3273               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-3273.yaml
 crowdsecurity/vpatch-CVE-2024-32870              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-32870.yaml
 crowdsecurity/vpatch-CVE-2024-34102              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-34102.yaml
 crowdsecurity/vpatch-CVE-2024-38816              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-38816.yaml
 crowdsecurity/vpatch-CVE-2024-38856              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-38856.yaml
 crowdsecurity/vpatch-CVE-2024-41713              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-41713.yaml
 crowdsecurity/vpatch-CVE-2024-4577               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-4577.yaml
 crowdsecurity/vpatch-CVE-2024-46506              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-46506.yaml
 crowdsecurity/vpatch-CVE-2024-5057               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-5057.yaml
 crowdsecurity/vpatch-CVE-2024-51378              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-51378.yaml
 crowdsecurity/vpatch-CVE-2024-51482              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-51482.yaml
 crowdsecurity/vpatch-CVE-2024-51567              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-51567.yaml
 crowdsecurity/vpatch-CVE-2024-51977              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-51977.yaml
 crowdsecurity/vpatch-CVE-2024-52301              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-52301.yaml
 crowdsecurity/vpatch-CVE-2024-57727              ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-57727.yaml
 crowdsecurity/vpatch-CVE-2024-6205               ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-6205.yaml
 crowdsecurity/vpatch-CVE-2024-6235               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-6235.yaml
 crowdsecurity/vpatch-CVE-2024-7593               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-7593.yaml
 crowdsecurity/vpatch-CVE-2024-8190               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-8190.yaml
 crowdsecurity/vpatch-CVE-2024-8911               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-8911.yaml
 crowdsecurity/vpatch-CVE-2024-8943               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-8943.yaml
 crowdsecurity/vpatch-CVE-2024-8963               ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-8963.yaml
 crowdsecurity/vpatch-CVE-2024-9465               ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-9465.yaml
 crowdsecurity/vpatch-CVE-2024-9474               ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-CVE-2024-9474.yaml
 crowdsecurity/vpatch-CVE-2025-11700              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-11700.yaml
 crowdsecurity/vpatch-CVE-2025-13315              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-13315.yaml
 crowdsecurity/vpatch-CVE-2025-24893              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-24893.yaml
 crowdsecurity/vpatch-CVE-2025-25257              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-25257.yaml
 crowdsecurity/vpatch-CVE-2025-2611               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-2611.yaml
 crowdsecurity/vpatch-CVE-2025-27222              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-27222.yaml
 crowdsecurity/vpatch-CVE-2025-27223              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-27223.yaml
 crowdsecurity/vpatch-CVE-2025-28367              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-28367.yaml
 crowdsecurity/vpatch-CVE-2025-29306              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-29306.yaml
 crowdsecurity/vpatch-CVE-2025-29927              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-29927.yaml
 crowdsecurity/vpatch-CVE-2025-31161              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-31161.yaml
 crowdsecurity/vpatch-CVE-2025-31324              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-31324.yaml
 crowdsecurity/vpatch-CVE-2025-3248               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-3248.yaml
 crowdsecurity/vpatch-CVE-2025-34291              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-34291.yaml
 crowdsecurity/vpatch-CVE-2025-3605               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-3605.yaml
 crowdsecurity/vpatch-CVE-2025-36604              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-36604.yaml
 crowdsecurity/vpatch-CVE-2025-37164              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-37164.yaml
 crowdsecurity/vpatch-CVE-2025-47188              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-47188.yaml
 crowdsecurity/vpatch-CVE-2025-47812              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-47812.yaml
 crowdsecurity/vpatch-CVE-2025-49113              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-49113.yaml
 crowdsecurity/vpatch-CVE-2025-49132              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-49132.yaml
 crowdsecurity/vpatch-CVE-2025-52488              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-52488.yaml
 crowdsecurity/vpatch-CVE-2025-52970              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-52970.yaml
 crowdsecurity/vpatch-CVE-2025-54249              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-54249.yaml
 crowdsecurity/vpatch-CVE-2025-55182              ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-55182.yaml
 crowdsecurity/vpatch-CVE-2025-55748              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-55748.yaml
 crowdsecurity/vpatch-CVE-2025-55749              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-55749.yaml
 crowdsecurity/vpatch-CVE-2025-56520              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-56520.yaml
 crowdsecurity/vpatch-CVE-2025-57819              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-57819.yaml
 crowdsecurity/vpatch-CVE-2025-61882              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-61882.yaml
 crowdsecurity/vpatch-CVE-2025-64446              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-64446.yaml
 crowdsecurity/vpatch-CVE-2025-8110               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-8110.yaml
 crowdsecurity/vpatch-CVE-2025-9316               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2025-9316.yaml
 crowdsecurity/vpatch-CVE-2026-1281               ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2026-1281.yaml
 crowdsecurity/vpatch-CVE-2026-23744              ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-CVE-2026-23744.yaml
 crowdsecurity/vpatch-env-access                  ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-env-access.yaml
 crowdsecurity/vpatch-git-config                  ✔️  enabled  0.4      /etc/crowdsec/appsec-rules/vpatch-git-config.yaml
 crowdsecurity/vpatch-laravel-debug-mode          ✔️  enabled  0.3      /etc/crowdsec/appsec-rules/vpatch-laravel-debug-mode.yaml
 crowdsecurity/vpatch-symfony-profiler            ✔️  enabled  0.1      /etc/crowdsec/appsec-rules/vpatch-symfony-profiler.yaml
 crowdsecurity/vpatch-WT-2026-0001                ✔️  enabled  0.2      /etc/crowdsec/appsec-rules/vpatch-WT-2026-0001.yaml
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

sudo tail -f /var/log/crowdsec.log | grep appsec
time="2026-02-25T12:15:33+01:00" level=debug msg="Event leaving node: ko (failed filter)" id=winter-snowflake module=parser name=crowdsecurity/appsec-logs stage=s01-parse
time="2026-02-25T12:15:33+01:00" level=debug msg="Event leaving node: ko (failed filter)" id=winter-snowflake module=parser name=crowdsecurity/appsec-logs stage=s01-parse
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node: ko (failed filter)" id=winter-snowflake module=parser name=crowdsecurity/appsec-logs stage=s01-parse
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node : ko (filter mismatch)" cfg=long-violet name=crowdsecurity/appsec-generic-test
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node : ko (filter mismatch)" cfg=falling-rain name=crowdsecurity/appsec-native
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node : ko (filter mismatch)" cfg=spring-bird name=crowdsecurity/appsec-vpatch
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node : ko (filter mismatch)" cfg=cold-violet name=crowdsecurity/crowdsec-appsec-outofband
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node: ko (failed filter)" id=winter-snowflake module=parser name=crowdsecurity/appsec-logs stage=s01-parse
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node : ko (filter mismatch)" cfg=long-violet name=crowdsecurity/appsec-generic-test
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node : ko (filter mismatch)" cfg=falling-rain name=crowdsecurity/appsec-native
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node : ko (filter mismatch)" cfg=spring-bird name=crowdsecurity/appsec-vpatch
time="2026-02-25T12:15:41+01:00" level=debug msg="Event leaving node : ko (filter mismatch)" cfg=cold-violet name=crowdsecurity/crowdsec-appsec-outofband

appsec_configs:
  - crowdsecurity/appsec-default
  - crowdsecurity/crs
labels:
  type: appsec
listen_addr: 127.0.0.1:7422
source: appsec
name: ContaboAppSec

Is it actually failing to parse logs or something?

iiAmLoz · February 26, 2026, 8:32am

So you scaffold appsec to listen on 7422 via localhost, did you configure your webserver to forward the requests to be evaluated?

we have guides on the currently supported webservers.

Topic		Replies	Views
Crowdsec parser issues crowdsec	3	1038	January 3, 2025
Crowdsec and Virtualmin (on Ubuntu 24.04) crowdsec	1	82	September 27, 2025
Error in appSec config crowdsec	1	14	February 5, 2026
New setup - right setup? crowdsec	4	1178	November 8, 2023
Question about how to read the metrics	11	3917	January 27, 2021

Appsec not working?

Related topics