Aikhaa
April 9, 2023, 6:14pm
1
Hello,
I’m new so sorry if this problem is already solved but i dont find any solution for me.
I try to enable telegram notification.
I have already changes the http.yaml with my telegram configuration, i reload my configuration but nothing appeared on my telegram channel.
Obvious because i didn’t change anything in the profile.yaml.
When i uncomment this section :
#notifications:
# - http_default
i can’t reload the service because i’ve got this error :
Job for crowdsec.service failed because the control process exited with error code.
See “systemctl status crowdsec.service” and “journalctl -xe” for details.
Same on Windows Server. When i uncomment the section the service won’t start again.
I need help
Can you check the crowdsec log file there should be an error message
linux: /var/log/crowdec.log
windows: c:/programdata/crowdsec/logs/crowdsec.log
Windws is a rough location cant remember of top of my head but it definately c:/programdata/crowdsec/
Aikhaa
April 12, 2023, 3:03pm
3
On Windows this is latest log :
time=“12-04-2023 16:54:37” level=info msg=“Crowdsec engine shutting down”
time=“12-04-2023 16:54:37” level=info msg=“wineventlog is dying” type=wineventlog
time=“12-04-2023 16:54:37” level=info msg=“Killing parser routines”
time=“12-04-2023 16:54:38” level=info msg=“Bucket routine exiting”
time=“12-04-2023 16:54:39” level=info msg=“crowdsec shutdown”
time=“12-04-2023 16:54:39” level=info msg=“serve: shutting down api server”
time=“12-04-2023 16:54:39” level=info msg=“pluginTomb dying”
time=“12-04-2023 16:54:39” level=info msg=“killing all plugins”
time=“12-04-2023 16:54:39” level=info msg=“push tomb is dying, sending cache (0 elements) before exiting”
time=“12-04-2023 16:54:39” level=info msg=“CrowdSec service stopped”
On linux
time=“12-04-2023 14:57:48” level=warning msg=“SIGTERM received, shutting down”
time=“12-04-2023 14:57:48” level=info msg=“Crowdsec engine shutting down”
time=“12-04-2023 14:57:48” level=info msg=“File datasource /var/log/kern.log stopping” tail=/var/log/kern.log type=file
time=“12-04-2023 14:57:48” level=info msg=“File datasource /var/log/apache2/access.log stopping” tail=/var/log/apache2/access.log type=file
time=“12-04-2023 14:57:48” level=info msg=“File datasource /var/log/auth.log stopping” tail=/var/log/auth.log type=file
time=“12-04-2023 14:57:48” level=info msg=“File datasource /var/log/syslog stopping” tail=/var/log/syslog type=file
time=“12-04-2023 14:57:48” level=info msg=“File datasource /var/log/apache2/other_vhosts_access.log stopping” tail=/var/log/apache2/other_vhosts_access.log type=file
time=“12-04-2023 14:57:48” level=info msg=“File datasource /var/log/apache2/error.log stopping” tail=/var/log/apache2/error.log type=file
time=“12-04-2023 14:57:48” level=info msg=“Killing parser routines”
time=“12-04-2023 14:57:49” level=info msg=“Bucket routine exiting”
time=“12-04-2023 14:57:50” level=info msg=“serve: shutting down api server”
time=“12-04-2023 14:57:50” level=info msg=“push tomb is dying, sending cache (0 elements) before exiting”
time=“12-04-2023 14:57:50” level=info msg=“pluginTomb dying”
time=“12-04-2023 14:57:50” level=info msg=“killing all plugins”
time=“12-04-2023 14:57:50” level=warning msg=“Crowdsec service shutting down”
Hmmm they dont seem to have any information on why it is dying. Before this line do you see anything?
time=“12-04-2023 14:57:48” level=warning msg=“SIGTERM received, shutting down”
We might need to change log level to debug to see whats happening.
Aikhaa
April 14, 2023, 10:00am
5
time=“12-04-2023 14:57:28” level=info msg=“Starting community-blocklist update”
time=“12-04-2023 14:57:28” level=info msg=“capi/community-blocklist : 0 explicit deletions”
time=“12-04-2023 14:57:28” level=warning msg=“sqlite is not using WAL mode, LAPI might become unresponsive when inserting the community blocklist”
time=“12-04-2023 14:57:29” level=info msg=“crowdsecurity/community-blocklist : added 2377 entries, deleted 2367 entries (alert:36)”
time=“12-04-2023 14:58:09” level=info msg=“capi metrics: metrics sent successfully”
Still nothing jumping out from the logs, can you share the http notification yaml file? obviously remove any parts like url and api keys / authorization.