When I look into the crowdsec.log file I see many of these entries:
time="2024-08-26T10:06:36+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:06:39+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpCity name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:06:39+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:06:39+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:06:39+02:00" level=error msg="unable to collect sources from bucket: while extracting scope from bucket crowdsecurity/windows-bf: scope is Ip but '-' isn't a valid ip"
time="2024-08-26T10:06:41+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpCity name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:06:41+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:06:41+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpCity name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpCity name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpCity name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpCity name=crowdsecurity/geoip-enrich stage=s02-enrich
time="2024-08-26T10:07:08+02:00" level=error msg="Unable to enrich ip '-'" id=summer-water method=GeoIpASN name=crowdsecurity/geoip-enrich stage=s02-enrich
I am not sure where the source of this is. Did I configure something wrong or did I use the wrong syntax? Crowdsec is running on Windows and most of the events that are investigated are “windows/bf” or “exchange/bf”.
I want to see “errors” in the logs and don’t want to lower the logging level.