Please:
sudo systemctl restart crowdsec
sudo systemctl status crowdsec
● crowdsec.service - Crowdsec agent
Loaded: loaded (/etc/systemd/system/crowdsec.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2021-04-01 21:20:44 CEST; 6s ago
Process: 25754 ExecStart=/usr/local/bin/crowdsec -c /etc/crowdsec/config.yaml (code=exited, status=1/FAILURE)
Process: 25717 ExecStartPre=/usr/local/bin/crowdsec -c /etc/crowdsec/config.yaml -t (code=exited, status=0/SUCCESS)
Main PID: 25754 (code=exited, status=1/FAILURE)
avril 01 21:20:40 WebProd005 systemd[1]: Starting Crowdsec agent...
avril 01 21:20:44 WebProd005 systemd[1]: Started Crowdsec agent.
avril 01 21:20:44 WebProd005 crowdsec[25754]: 127.0.0.1 - [Thu, 01 Apr 2021 21:20:44 CEST] "POST /v1/watchers/login HTTP/1.1 401 345.696µs "crowdsec/v1.0.7-18ff3a3a306d1eca786038fb343250e43784a900" "
avril 01 21:20:44 WebProd005 systemd[1]: crowdsec.service: Main process exited, code=exited, status=1/FAILURE
avril 01 21:20:44 WebProd005 systemd[1]: crowdsec.service: Failed with result 'exit-code'.
And the log:
time="01-04-2021 21:20:41" level=info msg="Crowdsec v1.0.7-18ff3a3a306d1eca786038fb343250e43784a900"
time="01-04-2021 21:20:41" level=info msg="Loading prometheus collectors"
time="01-04-2021 21:20:41" level=info msg="Loading CAPI pusher"
time="01-04-2021 21:20:42" level=info msg="Loading grok library /etc/crowdsec//patterns/"
time="01-04-2021 21:20:42" level=info msg="Loading enrich plugins"
time="01-04-2021 21:20:43" level=info msg="Loading parsers 10 stages"
time="01-04-2021 21:20:43" level=info msg="Node in /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml has no name,author or description. Skipping."
time="01-04-2021 21:20:43" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/apache2-logs.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/iptables-logs.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/mysql-logs.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 0 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml
time="01-04-2021 21:20:43" level=info msg="Loaded 10 nodes, 3 stages"
time="01-04-2021 21:20:43" level=info msg="Loading postoverflow Parsers"
time="01-04-2021 21:20:43" level=info msg="Loaded 0 nodes, 0 stages"
time="01-04-2021 21:20:43" level=info msg="Loading 12 scenario files"
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=weathered-haze file=/etc/crowdsec/scenarios/http-sensitive-files.yaml name=crowdsecurity/http-sensitive-files
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=falling-leaf file=/etc/crowdsec/scenarios/iptables-scan-multi_ports.yaml name=crowdsecurity/iptables-scan-multi_ports
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=cool-forest file=/etc/crowdsec/scenarios/http-backdoors-attempts.yaml name=crowdsecurity/http-backdoors-attempts
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=late-water file=/etc/crowdsec/scenarios/http-probing.yaml name=crowdsecurity/http-probing
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=delicate-wave file=/etc/crowdsec/scenarios/http-xss-probing.yaml name=crowdsecurity/http-xss-probbing
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=snowy-sun file=/etc/crowdsec/scenarios/mysql-bf.yaml name=crowdsecurity/mysql-bf
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=autumn-lake file=/etc/crowdsec/scenarios/ssh-bf.yaml name=crowdsecurity/ssh-bf
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=throbbing-mountain file=/etc/crowdsec/scenarios/ssh-bf.yaml name=crowdsecurity/ssh-bf_user-enum
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=long-frost file=/etc/crowdsec/scenarios/http-bad-user-agent.yaml name=crowdsecurity/http-bad-user-agent
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=holy-violet file=/etc/crowdsec/scenarios/http-crawl-non_statics.yaml name=crowdsecurity/http-crawl-non_statics
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=lingering-smoke file=/etc/crowdsec/scenarios/http-path-traversal-probing.yaml name=crowdsecurity/http-path-traversal-probing
time="01-04-2021 21:20:43" level=info msg="Adding leaky bucket" cfg=bold-forest file=/etc/crowdsec/scenarios/http-sqli-probing.yaml name=crowdsecurity/http-sqli-probbing-detection
time="01-04-2021 21:20:43" level=info msg="Adding trigger bucket" cfg=cool-dust file=/etc/crowdsec/scenarios/http-w00tw00t.yaml name=ltsich/http-w00tw00t
time="01-04-2021 21:20:43" level=warning msg="Loaded 13 scenarios"
time="01-04-2021 21:20:43" level=info msg="[file datasource] opening file '/var/log/apache2/error.log'"
time="01-04-2021 21:20:43" level=info msg="[file datasource] opening file '/var/log/apache2/other_vhosts_access.log'"
time="01-04-2021 21:20:43" level=info msg="[file datasource] opening file '/var/log/apache2/access.log'"
time="01-04-2021 21:20:43" level=info msg="[file datasource] opening file '/var/log/auth.log'"
time="01-04-2021 21:20:43" level=info msg="[file datasource] opening file '/var/log/mysql/error.log'"
time="01-04-2021 21:20:43" level=info msg="[file datasource] opening file '/var/log/syslog'"
time="01-04-2021 21:20:43" level=info msg="[file datasource] opening file '/var/log/kern.log'"
time="01-04-2021 21:20:43" level=warning msg="while configuring datasource : empty filename(s) and journalctl filter, malformed datasource"
time="01-04-2021 21:20:43" level=info msg="test done"
time="01-04-2021 21:20:43" level=info msg="Crowdsec v1.0.7-18ff3a3a306d1eca786038fb343250e43784a900"
time="01-04-2021 21:20:43" level=info msg="Loading prometheus collectors"
time="01-04-2021 21:20:43" level=info msg="Loading CAPI pusher"
time="01-04-2021 21:20:43" level=info msg="start crowdsec api pull (interval: 2h)"
time="01-04-2021 21:20:43" level=warning msg="scenario list is empty, will not pull yet"
time="01-04-2021 21:20:43" level=info msg="start crowdsec api send metrics (interval: 30m)"
time="01-04-2021 21:20:43" level=info msg="start crowdsec api push (interval: 30s)"
time="01-04-2021 21:20:43" level=info msg="Loading grok library /etc/crowdsec//patterns/"
time="01-04-2021 21:20:44" level=info msg="Loading enrich plugins"
time="01-04-2021 21:20:44" level=info msg="Loading parsers 10 stages"
time="01-04-2021 21:20:44" level=info msg="Node in /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml has no name,author or description. Skipping."
time="01-04-2021 21:20:44" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/apache2-logs.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/iptables-logs.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/mysql-logs.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 0 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml
time="01-04-2021 21:20:44" level=info msg="Loaded 10 nodes, 3 stages"
time="01-04-2021 21:20:44" level=info msg="Loading postoverflow Parsers"
time="01-04-2021 21:20:44" level=info msg="Loaded 0 nodes, 0 stages"
time="01-04-2021 21:20:44" level=info msg="Loading 12 scenario files"
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=dry-moon file=/etc/crowdsec/scenarios/http-crawl-non_statics.yaml name=crowdsecurity/http-crawl-non_statics
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=patient-leaf file=/etc/crowdsec/scenarios/http-backdoors-attempts.yaml name=crowdsecurity/http-backdoors-attempts
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=shy-leaf file=/etc/crowdsec/scenarios/http-path-traversal-probing.yaml name=crowdsecurity/http-path-traversal-probing
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=winter-night file=/etc/crowdsec/scenarios/http-sensitive-files.yaml name=crowdsecurity/http-sensitive-files
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=nameless-voice file=/etc/crowdsec/scenarios/http-xss-probing.yaml name=crowdsecurity/http-xss-probbing
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=billowing-darkness file=/etc/crowdsec/scenarios/iptables-scan-multi_ports.yaml name=crowdsecurity/iptables-scan-multi_ports
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=billowing-voice file=/etc/crowdsec/scenarios/http-probing.yaml name=crowdsecurity/http-probing
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=little-waterfall file=/etc/crowdsec/scenarios/mysql-bf.yaml name=crowdsecurity/mysql-bf
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=ancient-fog file=/etc/crowdsec/scenarios/http-bad-user-agent.yaml name=crowdsecurity/http-bad-user-agent
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=broken-dream file=/etc/crowdsec/scenarios/http-sqli-probing.yaml name=crowdsecurity/http-sqli-probbing-detection
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=broken-night file=/etc/crowdsec/scenarios/ssh-bf.yaml name=crowdsecurity/ssh-bf
time="01-04-2021 21:20:44" level=info msg="Adding leaky bucket" cfg=young-firefly file=/etc/crowdsec/scenarios/ssh-bf.yaml name=crowdsecurity/ssh-bf_user-enum
time="01-04-2021 21:20:44" level=info msg="Adding trigger bucket" cfg=damp-violet file=/etc/crowdsec/scenarios/http-w00tw00t.yaml name=ltsich/http-w00tw00t
time="01-04-2021 21:20:44" level=warning msg="Loaded 13 scenarios"
time="01-04-2021 21:20:44" level=info msg="[file datasource] opening file '/var/log/apache2/error.log'"
time="01-04-2021 21:20:44" level=info msg="[file datasource] opening file '/var/log/apache2/other_vhosts_access.log'"
time="01-04-2021 21:20:44" level=info msg="[file datasource] opening file '/var/log/apache2/access.log'"
time="01-04-2021 21:20:44" level=info msg="[file datasource] opening file '/var/log/auth.log'"
time="01-04-2021 21:20:44" level=info msg="[file datasource] opening file '/var/log/mysql/error.log'"
time="01-04-2021 21:20:44" level=info msg="[file datasource] opening file '/var/log/syslog'"
time="01-04-2021 21:20:44" level=info msg="[file datasource] opening file '/var/log/kern.log'"
time="01-04-2021 21:20:44" level=warning msg="while configuring datasource : empty filename(s) and journalctl filter, malformed datasource"
time="01-04-2021 21:20:44" level=warning msg="Starting processing data"
time=“01-04-2021 21:20:44” level=info msg="Error machine login for 6[…]7 : ent: machine not found "
time="01-04-2021 21:20:44" level=fatal msg="starting outputs error : authenticate watcher (6[…]7): Post http://127.0.0.1:8080/v1/watchers/login: received response status "401 Unauthorized" when fetching http://127.0.0.1:8080/v1/watchers/login"
Thanks!!!