Failed to compile node 'crowdsecurity/syslog-logs'

1

Hi,

I just updated my crowdsec hub and its collections and I’m now facing a fatal error that prevents me from starting Crowdsec again:

time=“16-09-2021 15:51:26” level=info msg=“Crowdsec v1.0.0-674630f7b189b1c3f0c6c9a5ac76addb9e810051”

time=“16-09-2021 15:51:26” level=info msg=“Loading prometheus collectors”

time=“16-09-2021 15:51:26” level=info msg=“Loading CAPI pusher”

time=“16-09-2021 15:51:26” level=info msg=“Loading grok library /etc/crowdsec//patterns/”

time=“16-09-2021 15:51:27” level=info msg=“Loading enrich plugins”

time=“16-09-2021 15:51:27” level=info msg=“Loading parsers 11 stages”

time=“16-09-2021 15:51:27” level=error msg=“Statics Compilation failed type types.Line has no field Module (1:10)\n | evt.Line.Module\n | …^.” id=fragrant-bush name=crowdsecurity/syslog-logs stage=s00-raw

time=“16-09-2021 15:51:27” level=fatal msg=“crowdsec init: Failed to load parsers: failed to load parser config : failed to compile node ‘crowdsecurity/syslog-logs’ in ‘/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml’ : type types.Line has no field Module (1:10)\n | evt.Line.Module\n | …^”

Do you know how can I solve this?

Thank you

2

Hello @teol ,

How did you update your crowdsec hub ? Did you specify a branch ?
Else, did you set a branch directly in your config.yaml ?

3

Hi :slight_smile:

I did a cscli hub update and then upgraded each collections shown as outdated with like cscli collections upgrade crowdsecurity/linux

I didn’t put anything in the config.yaml

4

Can you paste the output of sudo cscli hub update --debug please?

5 
# cscli hub update --debug
DEBU[0000] Using /etc/crowdsec/config.yaml as configuration file 
DEBU[0000] fetching index from branch master (https://raw.githubusercontent.com/crowdsecurity/hub/master/.index.json) 
INFO[0000] Wrote new 134801 bytes index to /etc/crowdsec/hub/.index.json 
DEBU[0000] 4 item types in hub index                    
DEBU[0000] scanning /etc/crowdsec                       
DEBU[0000] scanning /etc/crowdsec/hub
6

The problem here is that your cscli is targeting the master branch while you are not on the latest version of crowdsec :confused: .

There is two ways of fixing this:

  • Update crowdsec to the latest version so you will target the master branch of the hub without bug
  • Update your /etc/crowdsec/config.yaml, in the cscli section you can add a hub_branch to specify the v1.0.0 :
cscli:
  output: human
  hub_branch: "v1.0.0"
7

Ok I see, thanks.

I installed crowdsec back when there was only the wizard.sh.

How should I update it to the last version?
Maybe it’s time for me to start using the deb version in your repo?

8

Yes it might be the time :slight_smile:

There is again two ways to do this:

  • The easy way (if you don’t need to backup anything): you run the ./wizard.sh --uninstall and then install crowdsec from our repositories (cf. Install CrowdSec | CrowdSec)
  • The hard way (we didn’t test it): You run cscli config backup <backup_folder> to backup your existing configuration. Then you uninstall your running crowdsec with ./wizard.sh --uninstall , install the new one from our repositories (Install CrowdSec | CrowdSec) and then you can run cscli config restore <backup_folder> . Some things might not work, (especially from the config.yaml file), but let us know how it goes :slight_smile:
1 Like