Ten thousands of log entries in crowdsec.log

wambacher · October 26, 2024, 5:49pm

When I took a closer look at crowdsec.log (for the first time), I noticed thousands of ‘strange’ entries:

eg.

time=“2024-10-26T19:27:07+02:00” level=error msg=“Unable to enrich ip ‘engine7.uptimerobot.com’” id=summer-wind method=IpToRange name=crowdsecurity/geoip-enrich stage=s02-enrich

or

time=“2024-10-20T00:50:02+02:00” level=error msg=“Unable to enrich ip ‘localhost’” id=nameless-water method=IpToRange name=crowdsecurity/geoip-enrich stage=s02enrich

The sources of these hostnames are of course the Apache2 log files, which are stored in combined format.

There have been about 40.000 log entries since Oct 20 2024, growing and growing. What is going on?

btw i did not modify any config files in crowdsecurity/apache2-logs and crowdsecurity/geoip-enrich

wambacher · October 27, 2024, 1:14pm

I think, i got it:

switching from “HostnameLookups on” to “HostnameLookups off” in apache2.conf helped.

Topic		Replies	Views
Log-Files filled with "Unable to enrich ip '-'" crowdsec	1	31	August 27, 2024
Logs crowdsec crowdsecurity/geoip-enrich crowdsec	5	356	September 30, 2024
Reverse proxy duplicated access log crowdsec	2	348	September 11, 2023
Is my setup working	4	1096	November 6, 2020
New to crowdsec, coming from fail2ban crowdsec	9	753	February 20, 2024

Ten thousands of log entries in crowdsec.log

Related Topics