Fresh install, changed port for api and .yaml files, as I got the (this is already used, aka bind error) message.
I have manually deleted the bouncers and manually added them and changed the api key in the bounce.yaml file. Below is what I see in the logs. Any help would be appreciated. I am just not seeing why it won’t link up.
Ubuntu 18.04 (EVE-NG).
bouncer logs:
time="11-03-2022 11:02:45" level=fatal msg="API error: access forbidden"
time="11-03-2022 11:53:29" level=info msg="config is valid"
time="11-03-2022 11:53:29" level=info msg="backend type : nftables"
time="11-03-2022 11:53:29" level=info msg="nftables initiated"
time="11-03-2022 11:53:29" level=info msg="Processing new and deleted decisions . . ."
time="11-03-2022 11:53:29" level=fatal msg="API error: access forbidden"
time="11-03-2022 13:25:36" level=info msg="config is valid"
time="11-03-2022 13:25:36" level=info msg="backend type : nftables"
bouncer yaml:
mode: nftables
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
api_url: http://localhost:8090/
api_key: <api_key-redacted>
disable_ipv6: false
deny_action: DROP
deny_log: false
supported_decisions_types:
- ban
#to change log prefix
#deny_log_prefix: "crowdsec: "
Some data is missing. The config.yaml matches, the api_credential yaml matches. Am I missing something?
So basically I updated these three locations because of the bind error issue.
I used netstat to confirm it wasn’t in use. And that error went away. But the above listed logs show the failure.
/etc/crowdsec/config.yaml
api > listen_uri: 127.0.0.1:8090
/etc/crowdsec/local_api_credentials.yaml
url: http://127.0.0.1:8090
/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
api_url: http://localhost:8090/
Ok I did this before but tried again using this command.
cscli bouncers add myBouncer -l 24
That gave me an API_KEY, as expected. I replaced the unescaped variable in /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml and now the cs-firewall-bouncer appears to be running.
Seeing this when I run metrics so assuming I am good.
INFO[11-03-2022 04:05:41 PM] Local Api Machines Metrics:
+-------------------------------------------------+------------+--------+------+
| MACHINE | ROUTE | METHOD | HITS |
+-------------------------------------------------+------------+--------+------+
| 4770fd769e1c41da93e06dceade24ffeThymmyH8JFyB2Q8h | /v1/alerts | GET | 1 |
+-------------------------------------------------+------------+--------+------+
INFO[11-03-2022 04:05:41 PM] Local Api Bouncers Metrics:
+----------------------------+----------------------+--------+------+
| BOUNCER | ROUTE | METHOD | HITS |
+----------------------------+----------------------+--------+------+
| FirewallBouncer-1647028615 | /v1/decisions/stream | GET | 17 |
+----------------------------+----------------------+--------+------+
Thanks for the post. Am I right to assume that your problem is fixed and you don’t need any more help?
That is correct I posted what I did for the resolution. If it needs more clarity let me know.
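An added example, not part of the original thread and not CrowdSec project code: a small Python check that the three files edited above point at the same local API endpoint and that the bouncer's api_key is not still a placeholder. The file contents are constructed samples, the `${API_KEY}` placeholder form is an assumption, and treating `localhost` and `127.0.0.1` as the same host is an assumption that holds only when `localhost` resolves to IPv4 loopback.

```python
import re
from urllib.parse import urlsplit

# Constructed sample contents mirroring the three files named in the thread.
CONFIG_YAML = "api:\n  server:\n    listen_uri: 127.0.0.1:8090\n"
CREDENTIALS_YAML = "url: http://127.0.0.1:8090\nlogin: sample-machine\n"
BOUNCER_YAML = "api_url: http://localhost:8090/\napi_key: ${API_KEY}\n"

LOOPBACK = {"localhost", "127.0.0.1"}  # assumption: localhost resolves to IPv4 loopback

def yaml_value(text, key):
    """Return the scalar after `key:` at any indentation, or None (not a full YAML parser)."""
    m = re.search(rf"^[ \t]*{re.escape(key)}:[ \t]*(\S.*?)[ \t]*$", text, re.MULTILINE)
    return m.group(1).strip("'\"") if m else None

def endpoint(value):
    """Normalise 'host:port' or 'http://host:port/' to a (host, port) tuple."""
    parts = urlsplit(value if "://" in value else "//" + value)
    host = "loopback" if parts.hostname in LOOPBACK else parts.hostname
    return host, parts.port

def check(config, creds, bouncer):
    """Return a list of findings; an empty list means the three files agree."""
    raw_listen = yaml_value(config, "listen_uri")
    if raw_listen is None:
        return ["config.yaml: listen_uri not found"]
    listen = endpoint(raw_listen)
    findings = []
    for name, text, key in (("local_api_credentials.yaml", creds, "url"),
                            ("crowdsec-firewall-bouncer.yaml", bouncer, "api_url")):
        value = yaml_value(text, key)
        if value is None or endpoint(value) != listen:
            findings.append(f"{name}: {key}={value!r} does not match listen_uri {raw_listen}")
    # A key that is empty, a shell-style variable, or an <angle-bracket> stub was never filled in.
    api_key = yaml_value(bouncer, "api_key")
    if not api_key or re.fullmatch(r"\$\{?\w+\}?|<.*>", api_key):
        findings.append("crowdsec-firewall-bouncer.yaml: api_key is empty or an unsubstituted placeholder")
    return findings

if __name__ == "__main__":
    for finding in check(CONFIG_YAML, CREDENTIALS_YAML, BOUNCER_YAML) or ["all three files agree"]:
        print(finding)
```

A clean result only shows the files are consistent with each other; whether the local API accepts the key is still decided by the bouncer entry registered with `cscli bouncers add`.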