Unable to get crowdsec to start


I am trying to add crowdsec to a dashboard server, but when I try to load crowdsec on the client server, it says:

time="22-04-2023 07:25:08" level=info msg="Running journalctl command: /usr/bin/journalctl [journalctl --follow -n 0 _SYSTEMD_UNIT=apache2.service]" src="journalctl-_SYSTEMD_UNIT=apache2.service" type=journalctl
time="22-04-2023 07:25:08" level=info msg="Running journalctl command: /usr/bin/journalctl [journalctl --follow -n 0 _SYSTEMD_UNIT=mysql.service]" src="journalctl-_SYSTEMD_UNIT=mysql.service" type=journalctl
time="22-04-2023 07:25:08" level=fatal msg="starting outputs error : authenticate watcher (): Post \"http://myip:3000/v1/watchers/login\": unable to decode response: EOF"

Hi @aeternum,

Can you paste your /etc/crowdsec/config.yaml so we can know more about your config?
The error seems to indicate that the payload isn’t JSON or plaintext.

Sorry, I deleted my last message because I realised I got it from the server, not the client where the crowdsec process won’t start. Anyway, I’ve posted the correct one below.

  daemonize: true
  pid_dir: /var/run/
  log_media: file
  log_level: info
  log_dir: /var/log/
  log_max_size: 20
  compress_logs: true
  log_max_files: 10
  working_dir: .
  config_dir: /etc/crowdsec/
  data_dir: /var/lib/crowdsec/data/
  simulation_path: /etc/crowdsec/simulation.yaml
  hub_dir: /etc/crowdsec/hub/
  index_path: /etc/crowdsec/hub/.index.json
  notification_dir: /etc/crowdsec/notifications/
  plugin_dir: /usr/lib/crowdsec/plugins/
  acquisition_path: /etc/crowdsec/acquis.yaml
  acquisition_dir: /etc/crowdsec/acquis.d
  parser_routines: 1
  output: human
  color: auto
  log_level: info
  type: sqlite
  db_path: /var/lib/crowdsec/data/crowdsec.db
  #max_open_conns: 100
    max_items: 5000
    max_age: 7d
  user: nobody # plugin process would be ran on behalf of this user
  group: nogroup # plugin process would be ran on behalf of this group
    insecure_skip_verify: false
    credentials_path: /etc/crowdsec/local_api_credentials.yaml
    log_level: info
    profiles_path: /etc/crowdsec/profiles.yaml
    console_path: /etc/crowdsec/console.yaml
    online_client: # Central API credentials (to push signals and receive bad IPs)
      credentials_path: /etc/crowdsec/online_api_credentials.yaml
    trusted_ips: # IP ranges, or IPs which can have admin API access
      - ::1
#    tls:
#      cert_file: /etc/crowdsec/ssl/cert.pem
#      key_file: /etc/crowdsec/ssl/key.pem
  enabled: true
  level: full
  listen_port: 6060

OK, I’ve made a breakthrough. I can get the service to start when I change /etc/crowdsec/local_api_credentials.yaml to the following:


But I can’t enrol it, as when I do the command, it changes the /etc/crowdsec/local_api_credentials.yaml to the following:

url: http://<redacted>:3000/
login: <redacted>
password: <redacted>

It seems like when I put the IP address in there, it stops it from starting. I removed the username and password from the file, and it still won’t start. But I change it back to and it starts fine. But again, I can’t enroll it in the dashboard because it changes the url line in that file.

Hi, yes, as explained in your Discord thread (I think you’re the same user that asked the same question in Discord), it’s impossible to connect to the dashboard by modifying this file. This file is only for the agent to connect to the local API. It depends on which dashboard you want to set up.

The online dashboard, app.crowdsec.net, or the local one using Metabase?

The online dashboard can be set up by creating an account at app.crowdsec.net and then enrolling your crowdsec instance: cscli enroll <YOUR_ENROLL_KEY>. The enroll key can be fetched from the console.

The local dashboard (Metabase) can be set up using cscli:
cscli dashboard setup --listen <ADDR> -p <PORT> --password <password>
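
An added example, not part of the thread and not CrowdSec's own code: a Python check of a local_api_credentials.yaml that flags a url pointed at the dashboard port (3000 in this thread) and classifies what a reply to POST /v1/watchers/login looks like to the agent. The function names, the sample file values and the sample replies are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

DASHBOARD_PORT = 3000  # port used for the Metabase dashboard in the thread

def parse_credentials(text):
    """Read the flat key: value pairs of a local_api_credentials.yaml."""
    creds = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            creds[key.strip()] = value.strip().strip("'\"")
    return creds

def check_credentials(creds):
    """Return findings about where the agent will try to log in."""
    url = urlsplit(creds.get("url", ""))
    if url.scheme not in ("http", "https") or not url.hostname:
        return ["url missing or not http(s)"]
    findings = []
    if url.port == DASHBOARD_PORT:
        findings.append("url targets the dashboard port, not the local API")
    findings += [f"{k} is empty" for k in ("login", "password") if not creds.get(k)]
    return findings

def classify_login_reply(status, body):
    """Classify a reply to POST <url>/v1/watchers/login."""
    if not body.strip():
        return "empty"       # nothing to decode as JSON
    try:
        doc = json.loads(body)
    except ValueError:
        return "not-json"    # e.g. an HTML page from another service
    if status == 200 and isinstance(doc, dict) and "token" in doc:
        return "token"       # a local API accepted the login
    return "rejected"        # JSON, but no token was issued

# Constructed sample: the shape of the file from the thread, placeholder values.
SAMPLE = """\
url: http://203.0.113.10:3000/
login: examplemachine
password: examplepassword
"""

if __name__ == "__main__":
    print(check_credentials(parse_credentials(SAMPLE)))
    print(classify_login_reply(200, ""))
    print(classify_login_reply(200, "<!doctype html><title>Metabase</title>"))
    print(classify_login_reply(200, '{"code": 200, "expire": "x", "token": "y"}'))
```
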


I’m trying to set up the local metabase dashboard.

cscli dashboard setup --listen <ADDR> -p <PORT> --password <password>

Is that command run on the client or the server running the dashboard?


The local dashboard is running on the server:

Before, I advised you to fix your /etc/crowdsec/local_api_credentials.yaml file because you modified it with the wrong config.

Thanks for the help, but I’m just gonna use app.crowdsec.net instead.