Crowdsec does not start

Legolas · April 9, 2025, 7:32am

Hi,

new Server (Debian 12). I have installed crowdsec and the crowdsec-firewall-bouncer-iptables. All requirements are met. If i try to start crowdsec i get this error:

systemctl start crowdsec
Job for crowdsec.service failed because the control process exited with error code.
See "systemctl status crowdsec.service" and "journalctl -xeu crowdsec.service" for details.
root@vw:/etc/crowdsec# systemctl status crowdsec
● crowdsec.service - Crowdsec agent
     Loaded: loaded (/lib/systemd/system/crowdsec.service; enabled; preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Wed 2025-04-09 09:25:49 CEST; 11s ago
    Process: 4219 ExecStartPre=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t -error (code=exited, status=0/SUCCESS)
    Process: 4235 ExecStart=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml (code=exited, status=1/FAILURE)
   Main PID: 4235 (code=exited, status=1/FAILURE)
        CPU: 1.028s

here is my config.yaml

common:
  daemonize: true
  log_media: file
  log_level: info
  log_dir: /var/log/
  log_max_size: 20
  compress_logs: true
  log_max_files: 10
config_paths:
  config_dir: /etc/crowdsec/
  data_dir: /var/lib/crowdsec/data/
  simulation_path: /etc/crowdsec/simulation.yaml
  hub_dir: /etc/crowdsec/hub/
  index_path: /etc/crowdsec/hub/.index.json
  notification_dir: /etc/crowdsec/notifications/
  plugin_dir: /usr/lib/crowdsec/plugins/
crowdsec_service:
  #console_context_path: /etc/crowdsec/console/context.yaml
  acquisition_path: /etc/crowdsec/acquis.yaml
  acquisition_dir: /etc/crowdsec/acquis.d
  parser_routines: 1
cscli:
  output: human
  color: auto
db_config:
  log_level: info
  type: sqlite
  db_path: /var/lib/crowdsec/data/crowdsec.db
  use_wal:  true
  #max_open_conns: 100
  #user:
  #password:
  #db_name:
  #host:
  #port:
  flush:
    max_items: 5000
    max_age: 7d
plugin_config:
  user: nobody # plugin process would be ran on behalf of this user
  group: nogroup # plugin process would be ran on behalf of this group
api:
  client:
    insecure_skip_verify: false
    credentials_path: /etc/crowdsec/local_api_credentials.yaml
  server:
    log_level: info
    listen_uri: 127.0.0.1:8080
    profiles_path: /etc/crowdsec/profiles.yaml
    console_path: /etc/crowdsec/console.yaml
    online_client: # Central API credentials (to push signals and receive bad IPs)
      credentials_path: /etc/crowdsec/online_api_credentials.yaml
    trusted_ips: # IP ranges, or IPs which can have admin API access
      - 127.0.0.1
      - ::1
#    tls:
#      cert_file: /etc/crowdsec/ssl/cert.pem
#      key_file: /etc/crowdsec/ssl/key.pem
prometheus:
  enabled: true
  level: full
  listen_addr: 127.0.0.1
  listen_port: 6060

Any idea ore hint?

Thanks

iiAmLoz · April 9, 2025, 3:09pm

Can you check the log file /var/log/crowdsec.log

Legolas · April 9, 2025, 5:34pm

Ok, i see

level=fatal msg="local API server stopped with error: listening on 127.0.0.1:8080: listen tcp 127.0.0.1:8080: bind: address already in use"

on this Port is a Webserver active. Where do i have to make changes? To change the Port of the Webserver is not so easy

Thanks

iiAmLoz · April 10, 2025, 6:46am

https://support.crowdsec.net/hc/en-gb/articles/10831013001234--Security-Engine-How-to-change-the-default-port

Topic		Replies	Views
Crowdsec-firewall-bouncer does't start -> BACKEND is not supported	1	1843	April 25, 2023
Seems not to work crowdsec	1	99	July 24, 2024
Crowdsec cant start with Varnish crowdsec	1	295	November 26, 2023
Enable notification service won't start crowdsec	5	646	April 20, 2023
Failed to start The firewall bouncer crowdsec	10	5349	January 2, 2024

Crowdsec does not start

Related topics