How to udpate crowdsec?

ovizii · December 14, 2020, 12:39pm

It seems this didn’t happen automatically on my Debian installation and I am a newbie experimenting here on my NAS so I’d appreciate any hints.

EDIT

googled it and set it as active, enabled yet finding errors in crowdsec logs.

time="14-12-2020 13:39:52" level=info msg="Crowdsec v0.3.6-2fdf7624da381af605baa46f319f2ed3015807e4"
time="14-12-2020 13:39:52" level=info msg="Loading prometheus collectors"
time="14-12-2020 13:39:52" level=info msg="Loading grok library"
time="14-12-2020 13:39:52" level=warning msg="Starting profiling and http server"
time="14-12-2020 13:39:53" level=info msg="Loading enrich plugins"
time="14-12-2020 13:39:53" level=info msg="Loading parsers"
time="14-12-2020 13:39:53" level=info msg="Node in /etc/crowdsec/config/parsers/s00-raw/syslog-logs.yaml has no name,author or description. Skipping."
time="14-12-2020 13:39:53" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/config/parsers/s00-raw/syslog-logs.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s01-parse/apache2-logs.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s01-parse/iptables-logs.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s01-parse/mysql-logs.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s01-parse/nginx-logs.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s01-parse/postfix-logs.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s01-parse/sshd-logs.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s02-enrich/dateparse-enrich.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s02-enrich/geoip-enrich.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s02-enrich/http-logs.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/config/parsers/s02-enrich/whitelists.yaml
time="14-12-2020 13:39:53" level=info msg="Loaded 12 nodes, 3 stages"
time="14-12-2020 13:39:53" level=info msg="Loading postoverflow parsers"
time="14-12-2020 13:39:53" level=fatal msg="Unable to compile whitelist expression 'any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})' : type types.SignalOccurence has no field Alert (1:58)\n | any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})\n | .........................................................^." id=rough-forest name=crowdsecurity/cdn-whitelist stage=s01-whitelist

btw. I am wodnering why it still shows v0.3.6 - I tried cscli update then cscli upgrade and nothing happend upon which I followed these instructions:

curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest | grep browser_download_url| cut -d '"' -f 4  | wget -i -
tar xvzf crowdsec-release.tgz
cd crowdsec-v*
sudo ./wizard.sh -i

reloaded the service, still getting the error above.

thibault · December 14, 2020, 1:08pm

Hello !

I guess you’re speaking about crowdsec version itself ? We’re working on debian packages, but untill then, no automatic upgrade mecanism. It should be coming soon

ovizii:

time="14-12-2020 13:39:53" level=info msg="Loading postoverflow parsers"
time="14-12-2020 13:39:53" level=fatal msg="Unable to compile whitelist expression 'any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})' : type types.SignalOccurence has no field Alert (1:58)\n | any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})\n | .........................................................^." id=rough-forest name=crowdsecurity/cdn-whitelist stage=s01-whitelist

From the logs, it seems that you’re in a weird situation: you’re using crowdsec v0.3.6 with configuration intended for v1.0.X. Hence, crowdsec cannot understand the loaded configurations.

Would you mind telling me how you performed the installation?

By the way, if you were already running v0.3.X and want to upgrade to v1.X, please have a look at CrowdSec | CrowdSec

ovizii · December 14, 2020, 1:21pm

Thanks, I’ll check out the migration link you posted.

Initially (weeks ago) I installed like this:

curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest | grep browser_download_url| cut -d '"' -f 4  | wget -i -
tar xvzf crowdsec-release.tgz
cd crowdsec-v*
sudo ./wizard.sh -i

and today, I tried the very same again, just to see if it would upgrade to the newest version.
I also tried cscli update followed by cscli upgrade.

I guess that lead to this mess luckily its just a testing system.

thibault · December 14, 2020, 1:23pm

ah, you’re right, I guess we should make the wizard smarter to avoid this kind of issue

Please let me know if it fixes your issue

ovizii · December 14, 2020, 2:49pm

Thanks, I followed that upgrade guide and everything seems to work now.

Topic		Replies	Views
Failed to compile node 'crowdsecurity/syslog-logs'	7	505	September 17, 2021
Issue when installing crowdsec on debian crowdsec	7	259	November 24, 2023
Crowdsec service no longer starts: unknown func ParseKV	3	353	July 19, 2023
Unable to get crowdsec to start crowdsec	7	1219	April 25, 2023
Crowdsec failing to start after executing cscli explain crowdsec	2	1344	May 25, 2022

How to udpate crowdsec?

Related Topics