CrowdSec notification emails and/or Teams for Windows Server


I’m a newbie with CrowdSec. I’m trying to use email and Teams notifications from a Windows Server 2016. It didn’t work and I get this kind of log:

For email notification

time="28-06-2022 15:16:49" level=debug msg="starting plugin" args="[C:\\ProgramData\\CrowdSec\\plugins\\notification-email.exeS]" path="C:\\ProgramData\\CrowdSec\\plugins\\notification-email.exe"
time="28-06-2022 15:16:49" level=debug msg="plugin started" path="C:\\ProgramData\\CrowdSec\\plugins\\notification-email.exe" pid=7012
time="28-06-2022 15:16:49" level=debug msg="waiting for RPC address" path="C:\\ProgramData\\CrowdSec\\plugins\\notification-email.exe"

For Teams notification

time="28-06-2022 15:24:45" level=debug msg="starting plugin" args="[C:\\ProgramData\\CrowdSec\\plugins\\notification-http.exe]" path="C:\\ProgramData\\CrowdSec\\plugins\\notification-http.exe"
time="28-06-2022 15:24:45" level=debug msg="plugin started" path="C:\\ProgramData\\CrowdSec\\plugins\\notification-http.exe" pid=5412
time="28-06-2022 15:24:45" level=debug msg="waiting for RPC address" path="C:\\ProgramData\\CrowdSec\\plugins\\notification-http.exe"

I think the conf file is OK:


name: default_ip_remediation
#debug: true
filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
 - type: ban
   duration: 4h
notifications:
 - email_default  # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
#   - slack_default  # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
#   - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
 - http_default   # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
on_success: break


type: email           # Don't change
name: email_default   # Must match the registered plugin in the profile

# One of "trace", "debug", "info", "warn", "error", "off"
log_level: debug

# group_wait:         # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
# group_threshold:    # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
# max_retry:          # Number of attempts to relay messages to plugins in case of error
timeout: 20s          # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"

# plugin-specific options

# The following template receives a list of models.Alert objects
# The output goes in the email message body
format: |
  {{range . -}}
    {{$alert := . -}}
    {{range .Decisions -}}
      <html><body><p><a href={{.Value}}>{{.Value}}</a> will get <b>{{.Type}}</b> for next <b>{{.Duration}}</b> for triggering <b>{{.Scenario}}</b> on machine <b>{{$alert.MachineID}}</b>.</p> <p><a href={{.Value}}>Shodan</a></p></body></html>
    {{end -}}
  {{end -}}

smtp_host:           # example:
smtp_username: <mail address>        # Replace with your actual username
smtp_password: <password>      # Replace with your actual password
smtp_port: 587           # Common values are any of [25, 465, 587, 2525]
auth_type: login           # Valid choices are "none", "crammd5", "login", "plain"
sender_name: "CrowdSec"
sender_email: <mail address>        # example:
email_subject: "CrowdSec Notification"
receiver_emails:
- <my email address>
# -

# One of "ssltls", "none"
encryption_type: ssltls

But my first question is: are CrowdSec notifications enabled on Windows Server?

Thanks for help.
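
An offline consistency check for the two kinds of file quoted in the post above, as an added example (not code from the original post or from the CrowdSec project): it verifies that every name under `notifications:` in the profile has a plugin config with the same `name:`, and that an email plugin has its key fields filled in. The helper names, the `REQUIRED_EMAIL` set and the sample files are assumptions made for the illustration.

```python
import re

# Assumed minimum for an email plugin to be usable; adjust to your deployment.
REQUIRED_EMAIL = ("smtp_host", "sender_email", "receiver_emails")

def parse_flat_yaml(text):
    """Tiny subset parser: top-level 'key: value' pairs and 'key:' + '- item' lists."""
    data, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()   # drop comments
        top = re.match(r"^([A-Za-z_]+):\s*(.*)$", line)  # unindented key
        item = re.match(r"^\s*-\s+(.+)$", line)          # list entry
        if top:
            current = top.group(1)
            data[current] = top.group(2).strip('"')
        elif item and current is not None:
            previous = data[current] if isinstance(data[current], list) else []
            data[current] = previous + [item.group(1)]
    return data

def lint(profile_text, plugin_texts):
    """Return findings: unmatched notification names and empty required email fields."""
    plugins = {p.get("name"): p for p in map(parse_flat_yaml, plugin_texts)}
    findings = []
    for name in parse_flat_yaml(profile_text).get("notifications") or []:
        if name not in plugins:
            findings.append(f"profile references '{name}' but no plugin config has that name")
        elif plugins[name].get("type") == "email":
            findings += [f"{name}: '{key}' is empty"
                         for key in REQUIRED_EMAIL if not plugins[name].get(key)]
    return findings

# Constructed sample input (not the poster's real files).
PROFILE = """name: default_ip_remediation
decisions:
 - type: ban
notifications:
 - email_default  # enabled
 - http_default
"""
EMAIL = """type: email
name: email_default
smtp_host:            # left empty on purpose
sender_email: crowdsec@example.com
receiver_emails:
# - admin@example.com
"""
if __name__ == "__main__":
    print("\n".join(lint(PROFILE, [EMAIL])))
```

The parser only understands the flat subset shown here, so it ignores nested keys and the `format: |` template body.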



For Teams notifications, it’s working!!

Great!