Telegram Notification Bug

CommittotheIndian · February 28, 2024, 11:05pm

I am running into this same issue. I could never get the email notification to work so I’m trying telegram. I am able to run the curl in the container from above and post a message to telegram.

I copied the URL and chat ID from my working curl into the http.yaml but it doesn’t work when I manually ban an IP. Is it because I manually banned? They show up fine in the alerts on the console webpage.

Here are my yaml.

profiles.yaml

> name: default_ip_remediation
> #debug: true
> filters:
>  - Alert.Remediation == true && Alert.GetScope() == "Ip"
> decisions:
>  - type: ban
>    duration: 4h
> #duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
> notifications:
> #   - slack_default  # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
> #   - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
>    - http_tele   # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
> #   - email_default  # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
> on_success: break

http.yaml

type: http          # Don't change
name: http_tele  # Must match the registered plugin in the profile

# One of "trace", "debug", "info", "warn", "error", "off"
log_level: info

# group_wait:         # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
# group_threshold:    # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
# max_retry:          # Number of attempts to relay messages to plugins in case of error
# timeout:            # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"

#-------------------------
# plugin-specific options

# The following template receives a list of models.Alert objects
# The output goes in the http request body

# Replace XXXXXXXXX with your Telegram chat ID
format: |
  {
   "chat_id": "chat_id_without - at beginning", 
   "text": "
     {{range . -}}  
     {{$alert := . -}}  
     {{range .Decisions -}}
     {{.Value}} will get {{.Type}} for next {{.Duration}} for triggering {{.Scenario}}.
     {{end -}}
     {{end -}}
   ",
   "reply_markup": {
      "inline_keyboard": [
          {{ $arrLength := len . -}}
          {{ range $i, $value := . -}}
          {{ $V := $value.Source.Value -}}
          [
              {
                  "text": "See {{ $V }} on shodan.io",
                  "url": "https://www.shodan.io/host/{{ $V -}}"
              },
              {
                  "text": "See {{ $V }} on crowdsec.net",
                  "url": "https://app.crowdsec.net/cti/{{ $V -}}"
              }
          ]{{if lt $i ( sub $arrLength 1) }},{{end }}
      {{end -}}
      ]
    }
  }

url: https://api.telegram.org/bot_my_api/sendMessage # Replace <TELEGRAM_API_KEY> with your API key

method: POST
headers:
  Content-Type: "application/json"

Topic		Replies	Views
Telegram notification : plugin not enabled? crowdsec	4	1017	August 10, 2023
Email notification not sent crowdsec	14	732	September 26, 2024
Enable notification service won't start crowdsec	5	721	April 20, 2023
Discord notification like Telegram/gotify	0	79	February 17, 2025
No success setting up notifications crowdsec	5	293	April 30, 2025

Telegram Notification Bug

Related topics