I was able to set up CrowdSec and saw that I indeed have about one bounce a day (I have a homelab with about 40 containers, providing media and Nextcloud to my friends and family). Now I would like to have the metrics saved in Prometheus, which does not work. Since I am new to Prometheus too, I have no idea if my CrowdSec config is wrong or the Prometheus side.

The error message is: read tcp> read: connection reset by peer

The prometheus.yaml contains the following snippet:

- job_name: crowdsec # Security related metrics
      - url:

I also tried

  - job_name: crowdsec # Security related metrics
      - targets:
          host: skippy

with the same result. The CrowdSec config.yml is fairly standard:

  daemonize: false
  pid_dir: /var/run/
  log_media: stdout
  log_level: info
  log_dir: /var/log/
  working_dir: .
  config_dir: /etc/crowdsec/
  data_dir: /var/lib/crowdsec/data/
  simulation_path: /etc/crowdsec/simulation.yaml
  hub_dir: /etc/crowdsec/hub/
  index_path: /etc/crowdsec/hub/.index.json
  notification_dir: /etc/crowdsec/notifications/
  plugin_dir: /usr/local/lib/crowdsec/plugins/
  acquisition_path: /etc/crowdsec/acquis.yaml
  parser_routines: 1
  user: nobody
  group: nobody
  output: human
  log_level: info
  type: sqlite
  db_path: /var/lib/crowdsec/data/crowdsec.db
    max_items: 5000
    max_age: 7d
  use_wal: false
    insecure_skip_verify: false
    credentials_path: /etc/crowdsec/local_api_credentials.yaml
    log_level: info
    profiles_path: /etc/crowdsec/profiles.yaml
    trusted_ips: # IP ranges, or IPs which can have admin API access
      - ::1
    online_client: # Central API credentials (to push signals and receive bad IPs)
      credentials_path: /etc/crowdsec/online_api_credentials.yaml
      #credentials_path: /etc/crowdsec/online_api_credentials.yaml
#    tls:
#      cert_file: /etc/crowdsec/ssl/cert.pem
#      key_file: /etc/crowdsec/ssl/key.pem
  enabled: true
  level: full
  listen_port: 6060

Can somebody help me out here?

Disclaimer: I asked the same question in the prometheus forum. I will post the solution if I get it over there.

Thanks akrea

Hello @akrea !

To check that Prometheus on CrowdSec’s side is running smoothly, can you try to curl from your Prometheus scraper machine and see if you get a result?

Also, have you allowed port 6060 through the host firewall?

Also, it may help for us to know how it is set up:

crowdsec installed on container host?
Prometheus is within a container, so it most likely can't connect to the 192.168 address. So you would change the CrowdSec Prometheus URL to be <docker_gateway_ip>

Hello thibault

I will answer iiAmLoz first:
I have a docker-stack of about 50 containers, most of them in the same network. The ones open to the internet are behind a reverse proxy with TFA-app. Where necessary, ports are open to the LAN so the containers can communicate with each other. Except for the crowdsec-bouncer and some system relevant programs, everything is dockerized. I’m not very literate on firewall topics. So far I never had a firewall issue with any container.

For your question:
Now curl executed in the crowdsec container gives me bash: curl: command not found as it is obviously not installed on the (I suspect) Alpine version of Linux in the image.

On a hunch I also tried cscli metrics and got this message:
FATA[30-12-2022 11:22:08 AM] failed to fetch prometheus metrics : executing GET request for URL "" failed: Get "": EOF
Note, that when I disable prometheus I get the cli metrics. FYI Prometheus is on port 9090.

I then went into the logs of crowdsec and saw this: prometheus: listen tcp bind: cannot assign requested address.
So there is probably something wrong with my crowdsec ports config in docker-compose, but I wouldn’t know how to change that (seems to be rather obvious but I don’t see it):

        <<: *common-keys-core
        image: crowdsecurity/crowdsec
        container_name: crowdsec
            - "$CROWDSEC_API_PORT:8080"
            - "6060:6060" # For metrics export to Prometheus database.

Any ideas?

Hi @akrea ,
The CrowdSec container is not aware of the host’s local IP unless you set network_mode to host, so CS could not set it as the listening IP for Prometheus.

In config.yml, you could try to expose it on:

  • (as you did for API)
  • Or, on Local IP of your container, something like 172.X.X.X (Prometheus must be on the same network to reach it)

Or you can set network_mode to host for crowdsec container on your compose file.
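
The first option from the reply above, written out as an added example (it is not config posted by anyone in this thread): CrowdSec binds its metrics listener inside its own network namespace and Prometheus scrapes it by container name over a shared Docker network. The network name `monitoring`, the `prometheus` service and the choice of the wildcard address `0.0.0.0` for `listen_addr` are assumptions of this example.

```yaml
# --- CrowdSec config.yml (inside the container) ---
prometheus:
  enabled: true
  level: full
  # A host LAN address does not exist inside the container's network
  # namespace, so binding to it fails with "cannot assign requested address".
  # The wildcard address binds to whatever interfaces the container has.
  listen_addr: 0.0.0.0
  listen_port: 6060
---
# --- docker-compose.yml (fragment; network name "monitoring" is assumed) ---
services:
  crowdsec:
    image: crowdsecurity/crowdsec
    container_name: crowdsec
    networks:
      - monitoring
    # No "6060:6060" mapping is needed when Prometheus shares the network;
    # leaving it out keeps the metrics endpoint off the host's LAN interface.
  prometheus:
    image: prom/prometheus
    networks:
      - monitoring
networks:
  monitoring: {}
---
# --- prometheus.yml ---
scrape_configs:
  - job_name: crowdsec # Security related metrics
    static_configs:
      - targets:
          - crowdsec:6060 # resolved by Docker's embedded DNS on "monitoring"
```

If the port does have to be published for a scraper outside Docker, restricting the mapping to a specific host address (for example `127.0.0.1:6060:6060`) keeps the endpoint from being reachable on every host interface.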

Sorry I did not come back on this one. Many things on my to do list. For now I use the online-dashboard of crowdsec. Maybe at a later time. Will post again if I come around to use it.

Thank you anyway for your help!!

