smu44
June 19, 2022, 5:17am
1
Hi there!
Trying Creating whitelist | CrowdSec here, canβt figure out why itβs not working
Just changed the domain part from the example file, gives me a /etc/crowdsec/postoverflows/s01-whitelists/Wanadoo.yml
:
name: me/Wanadoo
description: lets whitelist our own reverse dns
whitelist:
reason: dont ban my ISP
expression:
#this is the reverse of my ip, you can get it by performing a "host" command on your public IP for example
- evt.Enriched.reverse_dns endsWith '.abo.wanadoo.fr.'
A cscli postoverflows
list gives:
INFO[19-06-2022 06:51:34 AM] Ignoring file /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/bucket-dump.yaml of type parsers
INFO[19-06-2022 06:51:34 AM] Ignoring file /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/bucketpour-dump.yaml of type parsers
INFO[19-06-2022 06:51:34 AM] Ignoring file /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/parser-dump.yaml of type parsers
POSTOVERFLOWS
--------------------------------------------------------------------------------------------------------
NAME π¦ STATUS VERSION LOCAL PATH
--------------------------------------------------------------------------------------------------------
Wanadoo.yml π enabled,local /etc/crowdsec/postoverflows/s01-whitelists/Wanadoo.yml
crowdsecurity/rdns βοΈ enabled 0.2 /etc/crowdsec/postoverflows/s00-enrich/rdns.yaml
--------------------------------------------------------------------------------------------------------
A cscli postoverflow inspect Wanadoo.yml
gives an error at the end, I think itβs OK as itβs never used:
INFO[19-06-2022 06:53:00 AM] Ignoring file /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/bucket-dump.yaml of type parsers
INFO[19-06-2022 06:53:00 AM] Ignoring file /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/bucketpour-dump.yaml of type parsers
INFO[19-06-2022 06:53:00 AM] Ignoring file /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/parser-dump.yaml of type parsers
type: postoverflows
stage: s01-whitelists
name: Wanadoo.yml
filename: Wanadoo.yml
author: ""
version: ""
local_path: /etc/crowdsec/postoverflows/s01-whitelists/Wanadoo.yml
localversion: ""
localhash: ""
installed: true
downloaded: false
uptodate: true
tainted: false
local: true
Current metrics :
ERRO[19-06-2022 06:53:00 AM] item of type 'postoverflows' is unknown
Thanks to Nextcloud and some spurious app, my IP get easily banned (http-probing).
In decisions and alerts lists, AS and country are OK.
Performing a reverse DNS query with host
gives an RDNS record ending with abo.wanadoo.fr.
Nothing about postoverflow in crowdsec log (of course it was restarted after adding my whitelist).
Any idea or help welcome !
Hello,
First, be careful, you might have run the cscli explain
command inside /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/
and you have garbage files left (you can remove them).
Can you share crowdsec logs when an alerts is triggered please ? maybe we can see some useful informations to check why the post overflows doesnβt work.
Can you also share the output of cscli metrics
please?
If you have also an output of a cscli explain --verbose --file <path_to_log_file> --type <log_type>
to check what parsers/postoverflows are working or not. Please put only 1 or 2 lines in the file, and the type should be same as mentionned in your acquis.yaml file.
smu44
June 21, 2022, 6:14am
3
Hi,
Thanks for your reply!
I cleaned up my garbage, thank you for the warning
Here is the log for the last time it happened (only βcapi metricsβ before & after):
time="18-06-2022 15:02:59" level=info msg="Ip 2.8.x.x performed 'crowdsecurity/http-probing' (11 events over 4.331772511s) at 2022-06-18 13:02:59.145650565 +0000 UTC"
time="18-06-2022 15:03:00" level=info msg="(4c4a8f75b33b4bfc93a37001820c6fd336VkIz2OUv4oXnWW/crowdsec) crowdsecurity/http-probing by ip 2.8.x.x (FR/3215) : 596h ban on Ip 2.8.x.x"
time="18-06-2022 15:03:25" level=info msg="Signal push: 1 signals to push"
My metrics:
INFO[21-06-2022 07:42:04 AM] Buckets Metrics:
+-----------------------------------------+---------------+-----------+--------------+--------+---------+
| BUCKET | CURRENT COUNT | OVERFLOWS | INSTANTIATED | POURED | EXPIRED |
+-----------------------------------------+---------------+-----------+--------------+--------+---------+
| crowdsecurity/dovecot-spam | - | - | 2 | 2 | 2 |
| crowdsecurity/http-backdoors-attempts | - | 3 | 3 | 6 | - |
| crowdsecurity/http-bad-user-agent | - | 10 | 25 | 35 | 15 |
| crowdsecurity/http-crawl-non_statics | - | - | 10.71k | 14.25k | 10.71k |
| crowdsecurity/http-open-proxy | - | 8 | 8 | - | - |
| crowdsecurity/http-probing | - | 5 | 1.01k | 2.48k | 1.00k |
| crowdsecurity/http-sensitive-files | - | - | 75 | 80 | 75 |
| crowdsecurity/iptables-scan-multi_ports | 9 | 193 | 61.47k | 70.38k | 61.27k |
| crowdsecurity/postfix-spam | - | 10 | 2.56k | 2.77k | 2.55k |
| crowdsecurity/thinkphp-cve-2018-20062 | - | 2 | 2 | - | - |
+-----------------------------------------+---------------+-----------+--------------+--------+---------+
INFO[21-06-2022 07:42:04 AM] Acquisition Metrics:
+------------------------+------------+--------------+----------------+------------------------+
| SOURCE | LINES READ | LINES PARSED | LINES UNPARSED | LINES POURED TO BUCKET |
+------------------------+------------+--------------+----------------+------------------------+
| docker:mailserver | 72.14k | 11.79k | 60.34k | 2.77k |
| docker:nextcloud | 32.71k | - | 32.71k | - |
| docker:nginx | 35.86k | 35.23k | 632 | 16.78k |
| docker:postfixadmin | 54 | 48 | 6 | - |
| docker:welcome | 284 | 278 | 6 | 77 |
| file:/var/log/auth.log | 10.03k | - | 10.03k | - |
| file:/var/log/kern.log | 22.27k | 22.24k | 27 | 10.14k |
| file:/var/log/syslog | 29.44k | 22.24k | 7.20k | 9.45k |
| file:/var/log/ufw.log | 51.92k | 51.86k | 53 | 50.80k |
+------------------------+------------+--------------+----------------+------------------------+
INFO[21-06-2022 07:42:04 AM] Parser Metrics:
+------------------------------------+---------+---------+----------+
| PARSERS | HITS | PARSED | UNPARSED |
+------------------------------------+---------+---------+----------+
| child-crowdsecurity/dovecot-logs | 21.61k | 9.02k | 12.59k |
| child-crowdsecurity/http-logs | 106.67k | 77.61k | 29.06k |
| child-crowdsecurity/nextcloud-logs | 65.42k | - | 65.42k |
| child-crowdsecurity/nginx-logs | 36.88k | 35.56k | 1.32k |
| child-crowdsecurity/postfix-logs | 74.15k | 2.77k | 71.38k |
| child-crowdsecurity/sshd-logs | 500 | - | 500 |
| child-crowdsecurity/syslog-logs | 185.78k | 185.78k | - |
| crowdsecurity/dateparse-enrich | 143.69k | 143.69k | - |
| crowdsecurity/dovecot-logs | 13.22k | 9.02k | 4.20k |
| crowdsecurity/geoip-enrich | 143.69k | 143.69k | - |
| crowdsecurity/http-logs | 35.56k | 34.65k | 909 |
| crowdsecurity/iptables-logs | 96.40k | 96.34k | 57 |
| crowdsecurity/nextcloud-logs | 32.71k | - | 32.71k |
| crowdsecurity/nginx-logs | 36.20k | 35.56k | 644 |
| crowdsecurity/non-syslog | 68.91k | 68.91k | - |
| crowdsecurity/postfix-logs | 25.76k | 2.77k | 22.99k |
| crowdsecurity/rdns | 37 | 37 | - |
| crowdsecurity/sshd-logs | 50 | - | 50 |
| crowdsecurity/syslog-logs | 185.78k | 185.78k | - |
| crowdsecurity/whitelists | 143.69k | 143.69k | - |
+------------------------------------+---------+---------+----------+
INFO[21-06-2022 07:42:04 AM] Local Api Metrics:
+----------------------+--------+--------+
| ROUTE | METHOD | HITS |
+----------------------+--------+--------+
| /v1/alerts | GET | 4 |
| /v1/alerts | POST | 37 |
| /v1/alerts/1516 | GET | 3 |
| /v1/decisions | DELETE | 1 |
| /v1/decisions/1516 | DELETE | 1 |
| /v1/decisions/stream | GET | 103813 |
| /v1/watchers/login | POST | 40 |
+----------------------+--------+--------+
INFO[21-06-2022 07:42:04 AM] Local Api Machines Metrics:
+--------------------------------------------------+--------------------+--------+------+
| MACHINE | ROUTE | METHOD | HITS |
+--------------------------------------------------+--------------------+--------+------+
| 4c4a8f75b33b4bfc93a37001820c6fd336VkIz2OUv4oXnWW | /v1/decisions | DELETE | 1 |
| 4c4a8f75b33b4bfc93a37001820c6fd336VkIz2OUv4oXnWW | /v1/decisions/1516 | DELETE | 1 |
| 4c4a8f75b33b4bfc93a37001820c6fd336VkIz2OUv4oXnWW | /v1/alerts | GET | 4 |
| 4c4a8f75b33b4bfc93a37001820c6fd336VkIz2OUv4oXnWW | /v1/alerts | POST | 37 |
| 4c4a8f75b33b4bfc93a37001820c6fd336VkIz2OUv4oXnWW | /v1/alerts/1516 | GET | 3 |
+--------------------------------------------------+--------------------+--------+------+
INFO[21-06-2022 07:42:04 AM] Local Api Bouncers Metrics:
+----------------------------+----------------------+--------+--------+
| BOUNCER | ROUTE | METHOD | HITS |
+----------------------------+----------------------+--------+--------+
| FirewallBouncer-1648654646 | /v1/decisions/stream | GET | 103813 |
+----------------------------+----------------------+--------+--------+
As I use Docker DSN, I had to copy/paste 2 lines of docker-compose logs
in a file β¦
line: nginx | 2.8.x.x - me@mydomain.net [18/Jun/2022:13:02:56 +0000] "PROPFIND /remote.php/webdav/Photos/usbcamera/ HTTP/1.1" 404 255 "-" "" "-"
β s00-raw
| β π’ crowdsecurity/non-syslog (first_parser)
| β π΄ crowdsecurity/syslog-logs
β s01-parse
| β π΄ crowdsecurity/apache2-logs
| β π΄ crowdsecurity/dovecot-logs
| β π΄ crowdsecurity/iptables-logs
| β π΄ crowdsecurity/mysql-logs
| β π΄ crowdsecurity/nextcloud-logs
| β π’ crowdsecurity/nginx-logs (+21 ~2)
| β update evt.Stage : s01-parse -> s02-enrich
| β create evt.Parsed.proxy_alternative_upstream_name :
| β create evt.Parsed.target_fqdn :
| β create evt.Parsed.body_bytes_sent : 255
| β create evt.Parsed.proxy_upstream_name :
| β create evt.Parsed.request_length :
| β create evt.Parsed.time_local : 18/Jun/2022:13:02:56 +0000
| β create evt.Parsed.http_referer : -
| β create evt.Parsed.http_user_agent :
| β create evt.Parsed.remote_user : me@mydomain.net
| β create evt.Parsed.request : /remote.php/webdav/Photos/usbcamera/
| β create evt.Parsed.request_time :
| β create evt.Parsed.status : 404
| β create evt.Parsed.verb : PROPFIND
| β create evt.Parsed.http_version : 1.1
| β create evt.Parsed.remote_addr : 2.8.x.x
| β update evt.StrTime : -> 18/Jun/2022:13:02:56 +0000
| β create evt.Meta.http_path : /remote.php/webdav/Photos/usbcamera/
| β create evt.Meta.http_status : 404
| β create evt.Meta.http_verb : PROPFIND
| β create evt.Meta.log_type : http_access-log
| β create evt.Meta.service : http
| β create evt.Meta.source_ip : 2.8.x.x
β s02-enrich
| β π’ crowdsecurity/dateparse-enrich (+2 ~1)
| β create evt.Enriched.MarshaledTime : 2022-06-18T13:02:56Z
| β update evt.MarshaledTime : -> 2022-06-18T13:02:56Z
| β create evt.Meta.timestamp : 2022-06-18T13:02:56Z
| β π’ crowdsecurity/geoip-enrich (+13)
| β create evt.Enriched.ASNOrg : Orange
| β create evt.Enriched.Longitude : x
| β create evt.Enriched.SourceRange : 2.0.0.0/12
| β create evt.Enriched.ASNNumber : 3215
| β create evt.Enriched.ASNumber : 3215
| β create evt.Enriched.IsInEU : true
| β create evt.Enriched.IsoCode : FR
| β create evt.Enriched.Latitude : x
| β create evt.Meta.ASNNumber : 3215
| β create evt.Meta.ASNOrg : Orange
| β create evt.Meta.IsInEU : true
| β create evt.Meta.IsoCode : FR
| β create evt.Meta.SourceRange : 2.0.0.0/12
| β π’ crowdsecurity/http-logs (+7)
| β create evt.Parsed.file_name : usbcamera/
| β create evt.Parsed.impact_completion : false
| β create evt.Parsed.static_ressource : false
| β create evt.Parsed.file_frag : usbcamera/
| β create evt.Parsed.file_dir : /remote.php/webdav/Photos/
| β create evt.Parsed.file_ext :
| β create evt.Meta.http_args_len : 0
| β π’ crowdsecurity/whitelists (unchanged)
β-------- parser success π’
β Scenarios
β π’ crowdsecurity/http-probing
line: nginx | 2.8.x.x - me@mydomain.net [18/Jun/2022:13:02:57 +0000] "PROPFIND /remote.php/webdav/Photos/SnakeCamera/ HTTP/1.1" 404 257 "-" "" "-"
β s00-raw
| β π’ crowdsecurity/non-syslog (first_parser)
| β π΄ crowdsecurity/syslog-logs
β s01-parse
| β π΄ crowdsecurity/apache2-logs
| β π΄ crowdsecurity/dovecot-logs
| β π΄ crowdsecurity/iptables-logs
| β π΄ crowdsecurity/mysql-logs
| β π΄ crowdsecurity/nextcloud-logs
| β π’ crowdsecurity/nginx-logs (+21 ~2)
| β update evt.Stage : s01-parse -> s02-enrich
| β create evt.Parsed.proxy_alternative_upstream_name :
| β create evt.Parsed.proxy_upstream_name :
| β create evt.Parsed.request_length :
| β create evt.Parsed.request_time :
| β create evt.Parsed.body_bytes_sent : 257
| β create evt.Parsed.verb : PROPFIND
| β create evt.Parsed.http_referer : -
| β create evt.Parsed.remote_addr : 2.8.x.x
| β create evt.Parsed.remote_user : me@mydomain.net
| β create evt.Parsed.request : /remote.php/webdav/Photos/SnakeCamera/
| β create evt.Parsed.status : 404
| β create evt.Parsed.target_fqdn :
| β create evt.Parsed.http_user_agent :
| β create evt.Parsed.http_version : 1.1
| β create evt.Parsed.time_local : 18/Jun/2022:13:02:57 +0000
| β update evt.StrTime : -> 18/Jun/2022:13:02:57 +0000
| β create evt.Meta.http_path : /remote.php/webdav/Photos/SnakeCamera/
| β create evt.Meta.http_status : 404
| β create evt.Meta.http_verb : PROPFIND
| β create evt.Meta.log_type : http_access-log
| β create evt.Meta.service : http
| β create evt.Meta.source_ip : 2.8.x.x
β s02-enrich
| β π’ crowdsecurity/dateparse-enrich (+2 ~1)
| β create evt.Enriched.MarshaledTime : 2022-06-18T13:02:57Z
| β update evt.MarshaledTime : -> 2022-06-18T13:02:57Z
| β create evt.Meta.timestamp : 2022-06-18T13:02:57Z
| β π’ crowdsecurity/geoip-enrich (+13)
| β create evt.Enriched.Latitude : x
| β create evt.Enriched.Longitude : x
| β create evt.Enriched.SourceRange : 2.0.0.0/12
| β create evt.Enriched.ASNNumber : 3215
| β create evt.Enriched.ASNOrg : Orange
| β create evt.Enriched.IsInEU : true
| β create evt.Enriched.IsoCode : FR
| β create evt.Enriched.ASNumber : 3215
| β create evt.Meta.IsInEU : true
| β create evt.Meta.SourceRange : 2.0.0.0/12
| β create evt.Meta.ASNOrg : Orange
| β create evt.Meta.ASNNumber : 3215
| β create evt.Meta.IsoCode : FR
| β π’ crowdsecurity/http-logs (+7)
| β create evt.Parsed.file_ext :
| β create evt.Parsed.file_frag : SnakeCamera/
| β create evt.Parsed.file_name : SnakeCamera/
| β create evt.Parsed.file_dir : /remote.php/webdav/Photos/
| β create evt.Parsed.impact_completion : false
| β create evt.Parsed.static_ressource : false
| β create evt.Meta.http_args_len : 0
| β π’ crowdsecurity/whitelists (unchanged)
β-------- parser success π’
β Scenarios
β π’ crowdsecurity/http-probing
Hope this contains something of interest ?
smu44
June 22, 2022, 7:55am
4
It happened again today, here is the explain:
root@vcs1:~# cscli explain -v -f ./bug.txt -t nginx
line: nginx | 2022-06-22T07:32:24.874752782Z 2.8.x.x - - [22/Jun/2022:07:32:24 +0000] "GET /apps/bookmarks/folder/28/publictoken HTTP/2.0" 404 49 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.160 YaBrowser/22.5.2.615 Yowser/2.5 Safari/537.36" "-"
β s00-raw
| β π’ crowdsecurity/non-syslog (first_parser)
| β π΄ crowdsecurity/syslog-logs
β s01-parse
| β π΄ crowdsecurity/apache2-logs
| β π΄ crowdsecurity/dovecot-logs
| β π΄ crowdsecurity/iptables-logs
| β π΄ crowdsecurity/mysql-logs
| β π΄ crowdsecurity/nextcloud-logs
| β π’ crowdsecurity/nginx-logs (+23 ~2)
| β update evt.Stage : s01-parse -> s02-enrich
| β create evt.Parsed.proxy_upstream_name :
| β create evt.Parsed.request : /apps/bookmarks/folder/28/publictoken
| β create evt.Parsed.request_length :
| β create evt.Parsed.status : 404
| β create evt.Parsed.target_fqdn : 24.874752782Z
| β create evt.Parsed.verb : GET
| β create evt.Parsed.proxy_alternative_upstream_name :
| β create evt.Parsed.http_user_agent : Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.160 YaBrowser/22.5.2.615 Yowser/2.5 Safari/537.36
| β create evt.Parsed.request_time :
| β create evt.Parsed.remote_user : -
| β create evt.Parsed.time_local : 22/Jun/2022:07:32:24 +0000
| β create evt.Parsed.http_version : 2.0
| β create evt.Parsed.remote_addr : 2.8.x.x
| β create evt.Parsed.body_bytes_sent : 49
| β create evt.Parsed.http_referer : -
| β update evt.StrTime : -> 22/Jun/2022:07:32:24 +0000
| β create evt.Meta.source_ip : 2.8.x.x
| β create evt.Meta.http_status : 404
| β create evt.Meta.http_user_agent : Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.160 YaBrowser/22.5.2.615 Yowser/2.5 Safari/537.36
| β create evt.Meta.http_verb : GET
| β create evt.Meta.log_type : http_access-log
| β create evt.Meta.service : http
| β create evt.Meta.http_path : /apps/bookmarks/folder/28/publictoken
| β create evt.Meta.target_fqdn : 24.874752782Z
β s02-enrich
| β π’ crowdsecurity/dateparse-enrich (+2 ~1)
| β create evt.Enriched.MarshaledTime : 2022-06-22T07:32:24Z
| β update evt.MarshaledTime : -> 2022-06-22T07:32:24Z
| β create evt.Meta.timestamp : 2022-06-22T07:32:24Z
| β π’ crowdsecurity/geoip-enrich (+13)
| β create evt.Enriched.ASNNumber : 3215
| β create evt.Enriched.IsInEU : true
| β create evt.Enriched.Latitude : x
| β create evt.Enriched.SourceRange : 2.0.0.0/12
| β create evt.Enriched.ASNOrg : Orange
| β create evt.Enriched.ASNumber : 3215
| β create evt.Enriched.IsoCode : FR
| β create evt.Enriched.Longitude : x
| β create evt.Meta.IsInEU : true
| β create evt.Meta.IsoCode : FR
| β create evt.Meta.SourceRange : 2.0.0.0/12
| β create evt.Meta.ASNNumber : 3215
| β create evt.Meta.ASNOrg : Orange
| β π’ crowdsecurity/http-logs (+7)
| β create evt.Parsed.file_ext :
| β create evt.Parsed.file_frag : publictoken
| β create evt.Parsed.file_dir : /apps/bookmarks/folder/28/
| β create evt.Parsed.impact_completion : false
| β create evt.Parsed.file_name : publictoken
| β create evt.Parsed.static_ressource : false
| β create evt.Meta.http_args_len : 0
| β π’ crowdsecurity/whitelists (unchanged)
β-------- parser success π’
β Scenarios
β π’ crowdsecurity/http-crawl-non_statics
β π’ crowdsecurity/http-probing
Hello,
Sadly, cscli explain doesnβt work with postoverflows . Can you put your postoverflows in debug mode so we can see what happen in crowdsecβs log ?
We are also available on discord if you want to join, it is easier for debugging
1 Like
smu44
June 22, 2022, 12:34pm
6
I feel very, very dumb
Looking at Crowdsec logs after restarting, I found:
time="22-06-2022 11:54:11" level=warning msg="skip non yaml : /etc/crowdsec/postoverflows/s01-whitelists/Wanadoo.yml"
After renaming the file to Wanadoo.yaml
:
time="22-06-2022 12:09:55" level=info msg="me/Wanadoo has debug enabled" id=little-bird
time="22-06-2022 12:09:55" level=debug msg="adding expression evt.Enriched.reverse_dns endsWith '.abo.wanadoo.fr.' to whitelists" id=little-bird name=me/Wanadoo stage=s01-whitelists
time="22-06-2022 12:09:55" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelists/Wanadoo.yaml
time="22-06-2022 12:09:56" level=info msg="me/Wanadoo has debug enabled" id=holy-cloud
time="22-06-2022 12:09:56" level=debug msg="adding expression evt.Enriched.reverse_dns endsWith '.abo.wanadoo.fr.' to whitelists" id=holy-cloud name=me/Wanadoo stage=s01-whitelists
time="22-06-2022 12:09:56" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelists/Wanadoo.yaml
time="22-06-2022 14:07:07" level=debug msg="eval(evt.Enriched.reverse_dns endsWith '.abo.wanadoo.fr.') = TRUE" id=holy-cloud name=me/Wanadoo stage=s01-whitelists
time="22-06-2022 14:07:07" level=debug msg="eval variables:" id=holy-cloud name=me/Wanadoo stage=s01-whitelists
time="22-06-2022 14:07:07" level=debug msg=" evt.Enriched.reverse_dns = 'xxxxxxxx50.abo.wanadoo.fr.'" id=holy-cloud name=me/Wanadoo stage=s01-whitelists
time="22-06-2022 14:07:07" level=debug msg="Event is whitelisted by expr, reason [dont ban my ISP]" id=holy-cloud name=me/Wanadoo stage=s01-whitelists
time="22-06-2022 14:07:07" level=info msg="Ban for x.x.x.x whitelisted, reason [dont ban my ISP]" id=holy-cloud name=me/Wanadoo stage=s01-whitelists
time="22-06-2022 14:07:07" level=debug msg="Event leaving node : ok" id=holy-cloud name=me/Wanadoo stage=s01-whitelists
~
Very, very sorry, my bad
This is not your fault but rather a bug from our side. We will fix this in the next release to support .yml
file.
1 Like
smu44
June 22, 2022, 2:54pm
8
Thanks
At least there is a message in the log, even if itβs difficult to find in all the startup messages