Crowdsec 1.6.4 log parsing suddenly stopped working

Hello,

my Crowdsec Docker container 1.6.4 and the previous versions have been running without any problems, at least none that I noticed during operation. Recently, I had the issue that Crowdsec wasn’t parsing logs. I accidentally discovered the problem when I wanted to check the functionality of a new collection. I wondered why the counter for the parsed lines was not increasing - for any log. Crowdsec was running, and there didn’t seem to be any apparent issues. I restarted the Crowdsec container, and everything worked again.

The problem is not reproducible and might go unnoticed in the future. Therefore, I would like to ask if there is a way to check the functionality of the log processor, which is responsible for reading the logs, using a health check? So far, I only have this in my Docker Compose stack:

healthcheck:
test: [“CMD”, “cscli”, “version”]

Thank you very much!

Best regards,
Serjoscha

Hello,

an update from my side: Since I started restarting CrowdSec weekly via a cron job, I haven’t had any issues.

Best Regards
Serjoscha

Thank you for the update, and sorry for not replying in the first place!

Yes, it seems quite odd and hard to reproduce. Just note that it is best to keep the container updated, as restarting the container only updates the parsers tied to that version. To keep up to date with the latest version of the parsers, you will also need to update the version.

Thank you very much for your answer. Yes, that’s right, the bug is hard to reproduce. Presumably, this is also an isolated problem (for me or a few). My thought was whether there might be mechanisms in Crowdsec (ex. Self HealthChecks) that could be used to check the function via Health Checks in the container variant.