I feel I made something wrong

sahara101 · August 2, 2024, 10:38am

Hello,

I moved my working traefik and crowdsec compose to a new server. Since then I feel like it is not working anymore. I am using the traefik bouncer plugin.
No external IPs in the dashboard. I can spam refresh my external service and nothing happens.
Can somebody please help me…

cscli metrics

Acquisition Metrics:
╭────────────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────┬───────────────────╮
│               Source               │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │ Lines whitelisted │
├────────────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┼───────────────────┤
│ file:/var/log/auth.log             │ 2          │ -            │ 2              │ -                      │ -                 │
│ file:/var/log/crowdsec/traefik.log │ 2.09k      │ 1.82k        │ 273            │ 275                    │ -                 │
│ file:/var/log/syslog               │ 9.87k      │ -            │ 9.87k          │ -                      │ -                 │
╰────────────────────────────────────┴───────────┴──────────────┴────────────────┴────────────────────────┴───────────────────╯

Local API Alerts:
╭────────────────────────────────────────────┬───────╮
│                   Reason                   │ Count │
├────────────────────────────────────────────┼───────┤
│ crowdsecurity/http-admin-interface-probing │ 1     │
│ crowdsecurity/http-crawl-non_statics       │ 1     │
│ crowdsecurity/http-cve-2021-41773          │ 8     │
│ crowdsecurity/http-probing                 │ 7     │
│ crowdsecurity/thinkphp-cve-2018-20062      │ 6     │
│ LePresidente/http-generic-403-bf           │ 31    │
│ crowdsecurity/CVE-2017-9841                │ 26    │
│ crowdsecurity/CVE-2022-41082               │ 2     │
╰────────────────────────────────────────────┴───────╯

Local API Decisions:
╭────────────────────────────────────────────┬────────┬────────┬───────╮
│                   Reason                   │ Origin │ Action │ Count │
├────────────────────────────────────────────┼────────┼────────┼───────┤
│ crowdsecurity/netgear_rce                  │ CAPI   │ ban    │ 55    │
│ crowdsecurity/ssh-slow-bf                  │ CAPI   │ ban    │ 6145  │
│ crowdsecurity/CVE-2023-49103               │ CAPI   │ ban    │ 134   │
│ firehol_cruzit_web_attacks                 │ lists  │ ban    │ 13197 │
│ crowdsecurity/http-open-proxy              │ CAPI   │ ban    │ 2023  │
│ crowdsecurity/f5-big-ip-cve-2020-5902      │ CAPI   │ ban    │ 3     │
│ crowdsecurity/http-path-traversal-probing  │ CAPI   │ ban    │ 216   │
│ crowdsecurity/http-probing                 │ CAPI   │ ban    │ 4776  │
│ crowdsecurity/ssh-bf                       │ CAPI   │ ban    │ 5531  │
│ crowdsecurity/CVE-2022-37042               │ CAPI   │ ban    │ 2     │
│ crowdsecurity/http-crawl-non_statics       │ CAPI   │ ban    │ 398   │
│ crowdsecurity/http-cve-2021-42013          │ CAPI   │ ban    │ 4     │
│ firehol_greensnow                          │ lists  │ ban    │ 4762  │
│ crowdsecurity/CVE-2022-26134               │ CAPI   │ ban    │ 7     │
│ crowdsecurity/http-cve-2021-41773          │ CAPI   │ ban    │ 278   │
│ crowdsecurity/http-sensitive-files         │ CAPI   │ ban    │ 400   │
│ crowdsecurity/jira_cve-2021-26086          │ CAPI   │ ban    │ 27    │
│ ltsich/http-w00tw00t                       │ CAPI   │ ban    │ 4     │
│ crowdsecurity/CVE-2019-18935               │ CAPI   │ ban    │ 14    │
│ crowdsecurity/http-backdoors-attempts      │ CAPI   │ ban    │ 166   │
│ crowdsecurity/http-bad-user-agent          │ CAPI   │ ban    │ 10195 │
│ crowdsecurity/http-cve-probing             │ CAPI   │ ban    │ 17    │
│ crowdsecurity/http-admin-interface-probing │ CAPI   │ ban    │ 354   │
│ crowdsecurity/fortinet-cve-2018-13379      │ CAPI   │ ban    │ 16    │
│ crowdsecurity/http-generic-bf              │ CAPI   │ ban    │ 46    │
│ crowdsecurity/http-wordpress-scan          │ CAPI   │ ban    │ 309   │
│ crowdsecurity/ssh-cve-2024-6387            │ CAPI   │ ban    │ 41    │
│ crowdsecurity/CVE-2022-35914               │ CAPI   │ ban    │ 5     │
│ crowdsecurity/CVE-2023-22515               │ CAPI   │ ban    │ 4     │
│ crowdsecurity/apache_log4j2_cve-2021-44228 │ CAPI   │ ban    │ 77    │
│ crowdsecurity/thinkphp-cve-2018-20062      │ CAPI   │ ban    │ 138   │
│ firehol_cybercrime                         │ lists  │ ban    │ 1798  │
│ crowdsecurity/CVE-2017-9841                │ CAPI   │ ban    │ 355   │
╰────────────────────────────────────────────┴────────┴────────┴───────╯

Local API Metrics:
╭──────────────────────┬────────┬──────╮
│         Route        │ Method │ Hits │
├──────────────────────┼────────┼──────┤
│ /v1/alerts           │ GET    │ 15   │
│ /v1/decisions/stream │ GET    │ 91   │
│ /v1/heartbeat        │ GET    │ 90   │
│ /v1/watchers/login   │ POST   │ 17   │
╰──────────────────────┴────────┴──────╯

Local API Bouncers Metrics:
╭─────────────────┬──────────────────────┬────────┬──────╮
│     Bouncer     │         Route        │ Method │ Hits │
├─────────────────┼──────────────────────┼────────┼──────┤
│ crowdsecBouncer │ /v1/decisions/stream │ GET    │ 91   │
╰─────────────────┴──────────────────────┴────────┴──────╯

Local API Machines Metrics:
╭───────────┬───────────────┬────────┬──────╮
│  Machine  │     Route     │ Method │ Hits │
├───────────┼───────────────┼────────┼──────┤
│ localhost │ /v1/heartbeat │ GET    │ 90   │
│ localhost │ /v1/alerts    │ GET    │ 15   │
╰───────────┴───────────────┴────────┴──────╯

Parser Metrics:
╭──────────────────────────────────┬───────┬────────┬──────────╮
│              Parsers             │  Hits │ Parsed │ Unparsed │
├──────────────────────────────────┼───────┼────────┼──────────┤
│ child-crowdsecurity/http-logs    │ 5.46k │ 3.97k  │ 1.49k    │
│ child-crowdsecurity/syslog-logs  │ 9.88k │ 9.87k  │ 10       │
│ child-crowdsecurity/traefik-logs │ 2.09k │ 1.82k  │ 273      │
│ crowdsecurity/dateparse-enrich   │ 1.82k │ 1.82k  │ -        │
│ crowdsecurity/http-logs          │ 1.82k │ 1.82k  │ -        │
│ crowdsecurity/non-syslog         │ 2.09k │ 2.09k  │ -        │
│ crowdsecurity/syslog-logs        │ 9.87k │ 9.87k  │ 5        │
│ crowdsecurity/traefik-logs       │ 2.09k │ 1.82k  │ 273      │
│ crowdsecurity/whitelists         │ 1.82k │ 1.82k  │ -        │
╰──────────────────────────────────┴───────┴────────┴─────────╯

Scenario Metrics:
╭──────────────────────────────────────┬───────────────┬───────────┬──────────────┬────────┬─────────╮
│               Scenario               │ Current Count │ Overflows │ Instantiated │ Poured │ Expired │
├──────────────────────────────────────┼───────────────┼───────────┼──────────────┼────────┼─────────┤
│ crowdsecurity/http-crawl-non_statics │ -             │ -         │ 41           │ 212    │ 41      │
│ crowdsecurity/http-probing           │ -             │ -         │ 21           │ 63     │ 21      │
╰──────────────────────────────────────┴───────────────┴───────────┴──────────────┴────────┴─────────╯

Whitelist Metrics:
╭──────────────────────────┬─────────────────────────────┬──────┬─────────────╮
│         Whitelist        │            Reason           │ Hits │ Whitelisted │
├──────────────────────────┼─────────────────────────────┼──────┼─────────────┤
│ crowdsecurity/whitelists │ private ipv4/ipv6 ip/ranges │ 1820 │ -           │
╰──────────────────────────┴─────────────────────────────┴──────┴─────────────╯

PARSERS
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 Name                            📦 Status            Version  Local Path                                             
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 crowdsecurity/cri-logs          ✔️  enabled          0.1      /etc/crowdsec/parsers/s00-raw/cri-logs.yaml            
 crowdsecurity/dateparse-enrich  ✔️  enabled          0.2      /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml 
 crowdsecurity/docker-logs       ✔️  enabled          0.1      /etc/crowdsec/parsers/s00-raw/docker-logs.yaml         
 crowdsecurity/geoip-enrich      ✔️  enabled          0.4      /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml     
 crowdsecurity/http-logs         ✔️  enabled          1.2      /etc/crowdsec/parsers/s02-enrich/http-logs.yaml        
 crowdsecurity/sshd-logs         ✔️  enabled          2.7      /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml         
 crowdsecurity/syslog-logs       ✔️  enabled          0.8      /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml         
 crowdsecurity/traefik-logs      ✔️  enabled          0.9      /etc/crowdsec/parsers/s01-parse/traefik-logs.yaml      
 crowdsecurity/whitelists        ⚠️  enabled,tainted  ?        /etc/crowdsec/parsers/s02-enrich/whitelists.yaml       
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

cscli bouncers list
─────────────────────────────────────────────────────────────────────────────────────────────────
 Name             IP Address     Valid  Last API pull         Type            Version  Auth Type 
─────────────────────────────────────────────────────────────────────────────────────────────────
 TRAEFIK                         ✔️     2024-07-22T20:23:04Z                           api-key   
 crowdsecBouncer  192.168.144.1  ✔️     2024-08-02T10:35:05Z  Go-http-client  1.1      api-key   
─────────────────────────────────────────────────────────────────────────────────────────────────

Here I am not sure if TRAEFIK was working before, but that one is offline.

I am also seeing some error

time="2024-08-02T10:36:41Z" level=warning msg="failed to run filter : invalid character '.' after top-level value (1:1)\n | UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, \"traefik\") in [\"\", nil]\n | ^" id=still-water name=child-crowdsecurity/traefik-logs stage=s01-parse
time="2024-08-02T10:36:44Z" level=error msg="UnmarshalJSON : invalid character '.' after top-level value" line="192.168.144.1 - - [02/Aug/2024:10:35:44 +0000] \"POST /signalexchange.SignalExchange/ConnectStream HTTP/2.0\" 0 0 \"-\" \"-\" 1792 \"https-netbird-signal@docker\" \"h2c://192.168.144.9:80\" 60001ms"
time="2024-08-02T10:36:44Z" level=warning msg="failed to run filter : invalid character '.' after top-level value (1:1)\n | UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, \"traefik\") in [\"\", nil]\n | ^" id=still-water name=child-crowdsecurity/traefik-logs stage=s01-parse

Thanks!

iiAmLoz · August 2, 2024, 11:25am

sahara101:

Local API Alerts:
╭────────────────────────────────────────────┬───────╮
│                   Reason                   │ Count │
├────────────────────────────────────────────┼───────┤
│ crowdsecurity/http-admin-interface-probing │ 1     │
│ crowdsecurity/http-crawl-non_statics       │ 1     │
│ crowdsecurity/http-cve-2021-41773          │ 8     │
│ crowdsecurity/http-probing                 │ 7     │
│ crowdsecurity/thinkphp-cve-2018-20062      │ 6     │
│ LePresidente/http-generic-403-bf           │ 31    │
│ crowdsecurity/CVE-2017-9841                │ 26    │
│ crowdsecurity/CVE-2022-41082               │ 2     │
╰────────────────────────────────────────────┴───────╯

From this it seems there is alerts, it might be you didnt transfer all container data so it not the same enrollment on console if that what you meant by “dashboard”. If you run cscli alerts list what you see?

sahara101 · August 2, 2024, 12:06pm

I copied the whole stack folder. Bu dashboard I mean the crowdsec homepage, the one where you also see the alerts.
Could it be that my issue is that now I am using docker ip and since then I only get the docker network gateway IP in the alerts? I just assumed that for whatever reason I am getting banned internally.

cscli decision list
╭──────────┬──────────┬──────────────────┬──────────────────────────────────┬────────┬─────────┬────┬────────┬────────────────────┬──────────╮
│    ID    │  Source  │    Scope:Value   │              Reason              │ Action │ Country │ AS │ Events │     expiration     │ Alert ID │
├──────────┼──────────┼──────────────────┼──────────────────────────────────┼────────┼─────────┼────┼────────┼────────────────────┼──────────┤
│ 83472354 │ crowdsec │ Ip:192.168.144.1 │ LePresidente/http-generic-403-bf │ ban    │         │    │ 7      │ 3h18m33.759286234s │ 10226    │
╰──────────┴──────────┴──────────────────┴─────────────────────────────────┴────────┴─────────┴────┴────────┴────────────────────┴──────────╯

cscli alert list
╭───────┬──────────────────┬───────────────────────────────────────┬─────────┬───────────────────────────────────────┬───────────┬─────────────────────────────────────────╮
│   ID  │       value      │                 reason                │ country │                   as                  │ decisions │                created_at               │
├───────┼──────────────────┼───────────────────────────────────────┼─────────┼───────────────────────────────────────┼───────────┼─────────────────────────────────────────┤
│ 10226 │ Ip:192.168.144.1 │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-08-02 11:22:15.849182598 +0000 UTC │
│ 10213 │ Ip:192.168.144.1 │ crowdsecurity/http-cve-2021-41773     │         │                                       │ ban:1     │ 2024-08-02 00:57:17.129301883 +0000 UTC │
│ 10209 │ Ip:192.168.144.1 │ crowdsecurity/thinkphp-cve-2018-20062 │         │                                       │ ban:1     │ 2024-08-01 22:11:14.596625236 +0000 UTC │
│ 10208 │ Ip:192.168.144.1 │ crowdsecurity/http-probing            │         │                                       │ ban:1     │ 2024-08-01 22:10:52.640221186 +0000 UTC │
│ 10207 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-08-01 22:11:06.382421387 +0000 UTC │
│ 10206 │ Ip:192.168.144.1 │ crowdsecurity/http-cve-2021-41773     │         │                                       │ ban:1     │ 2024-08-01 22:11:05.272335727 +0000 UTC │
│ 10198 │ Ip:192.168.144.1 │ crowdsecurity/thinkphp-cve-2018-20062 │         │                                       │ ban:1     │ 2024-08-01 18:57:19.199803253 +0000 UTC │
│ 10197 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-08-01 18:57:08.060202741 +0000 UTC │
│ 10196 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-08-01 18:56:04.442644003 +0000 UTC │
│ 10195 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-08-01 18:54:59.985649624 +0000 UTC │
│ 10194 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-08-01 18:53:56.792502389 +0000 UTC │
│ 10193 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-08-01 18:52:56.041748797 +0000 UTC │
│ 10192 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-08-01 18:51:55.97174872 +0000 UTC  │
│ 10191 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-08-01 18:50:55.880318082 +0000 UTC │
│ 10190 │ Ip:192.168.144.1 │ crowdsecurity/http-cve-2021-41773     │         │                                       │ ban:1     │ 2024-08-01 18:50:31.483204395 +0000 UTC │
│ 10173 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2022-41082          │         │                                       │ ban:1     │ 2024-08-01 09:38:36.485277419 +0000 UTC │
│ 10168 │ Ip:192.168.144.1 │ crowdsecurity/http-cve-2021-41773     │         │                                       │ ban:1     │ 2024-08-01 05:59:00.847850549 +0000 UTC │
│ 10147 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-07-31 18:05:19.180809615 +0000 UTC │
│ 10146 │ Ip:192.168.144.1 │ crowdsecurity/CVE-2017-9841           │         │                                       │ ban:1     │ 2024-07-31 17:56:45.201443836 +0000 UTC │
│ 10119 │ Ip:8.209.96.179  │ crowdsecurity/http-probing            │ DE      │ 45102 Alibaba US Technology Co., Ltd. │ ban:1     │ 2024-07-31 02:31:02.848976743 +0000 UTC │
│ 10114 │ Ip:83.97.73.245  │ crowdsecurity/CVE-2017-9841           │ RU      │ 208312 Red Byte LLC                   │ ban:1     │ 2024-07-31 01:29:56.110309065 +0000 UTC │
│ 10113 │ Ip:83.97.73.245  │ crowdsecurity/CVE-2017-9841           │ RU      │ 208312 Red Byte LLC                   │ ban:1     │ 2024-07-31 01:22:21.333047864 +0000 UTC │
│ 10109 │ Ip:212.83.146.83 │ crowdsecurity/thinkphp-cve-2018-20062 │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:09:20.403389269 +0000 UTC │
│ 10108 │ Ip:212.83.146.83 │ crowdsecurity/CVE-2017-9841           │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:08:54.686210389 +0000 UTC │
│ 10107 │ Ip:212.83.146.83 │ crowdsecurity/CVE-2017-9841           │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:07:51.890861542 +0000 UTC │
│ 10106 │ Ip:212.83.146.83 │ crowdsecurity/CVE-2017-9841           │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:06:41.263626658 +0000 UTC │
│ 10105 │ Ip:212.83.146.83 │ crowdsecurity/CVE-2017-9841           │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:05:40.090806005 +0000 UTC │
│ 10104 │ Ip:212.83.146.83 │ crowdsecurity/CVE-2017-9841           │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:04:26.150543734 +0000 UTC │
│ 10103 │ Ip:212.83.146.83 │ crowdsecurity/CVE-2017-9841           │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:03:21.369361514 +0000 UTC │
│ 10102 │ Ip:212.83.146.83 │ crowdsecurity/CVE-2017-9841           │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:02:10.890835776 +0000 UTC │
│ 10101 │ Ip:212.83.146.83 │ crowdsecurity/CVE-2017-9841           │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:01:08.834050971 +0000 UTC │
│ 10100 │ Ip:212.83.146.83 │ crowdsecurity/http-cve-2021-41773     │ FR      │ 12876 Scaleway S.a.s.                 │ ban:1     │ 2024-07-30 23:00:16.253646905 +0000 UTC │
│ 10096 │ Ip:192.168.1.25  │ crowdsecurity/http-probing            │         │                                       │ ban:1     │ 2024-07-30 21:13:16.521531643 +0000 UTC │
│ 10095 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:19:16.6892188 +0000 UTC   │
│ 10094 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:18:16.395287302 +0000 UTC │
│ 10093 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:17:15.648258079 +0000 UTC │
│ 10092 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:16:15.438720787 +0000 UTC │
│ 10091 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:15:14.394168936 +0000 UTC │
│ 10090 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:14:12.561689227 +0000 UTC │
│ 10089 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:13:13.091801107 +0000 UTC │
│ 10088 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:12:12.576765047 +0000 UTC │
│ 10087 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:11:10.543717882 +0000 UTC │
│ 10086 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:10:11.253429694 +0000 UTC │
│ 10085 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:09:11.108853213 +0000 UTC │
│ 10084 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:08:11.062920942 +0000 UTC │
│ 10083 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:07:10.045612045 +0000 UTC │
│ 10082 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:06:10.291605743 +0000 UTC │
│ 10081 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:05:09.103323631 +0000 UTC │
│ 10080 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:04:09.556539665 +0000 UTC │
│ 10079 │ Ip:192.168.1.29  │ LePresidente/http-generic-403-bf      │         │                                       │ ban:1     │ 2024-07-30 20:03:08.756385846 +0000 UTC │

Below alibaba is when I was on the previous server. In that one I had a macvlan defined.

How can I make sure I see the external IPs and not my docker network gateway?

Thanks!

Topic		Replies	Views
Bans not activated crowdsec	1	1118	March 31, 2023
Ban not working at all	9	1663	June 24, 2024
It works with a delay and doesn't ban crowdsec	8	1061	May 22, 2023
Traefik stops working with crowdsec bouncer - invalid character 'i' in lliteral true crowdsec	3	1572	February 25, 2024
Checking bans really work and how to extend bans? crowdsec	8	3883	December 14, 2021

I feel I made something wrong

Related topics