Can you paste your /etc/crowdsec/config.yaml so we can know more about your config.
Because the error seems to indicate that the payload isn’t json or plaintext.
Sorry, I deleted my last message because I realised i got it from the server, not the client where the crowdsec process won’t start. Anyway, I’ve posted the correct one below.
common:
daemonize: true
pid_dir: /var/run/
log_media: file
log_level: info
log_dir: /var/log/
log_max_size: 20
compress_logs: true
log_max_files: 10
working_dir: .
config_paths:
config_dir: /etc/crowdsec/
data_dir: /var/lib/crowdsec/data/
simulation_path: /etc/crowdsec/simulation.yaml
hub_dir: /etc/crowdsec/hub/
index_path: /etc/crowdsec/hub/.index.json
notification_dir: /etc/crowdsec/notifications/
plugin_dir: /usr/lib/crowdsec/plugins/
crowdsec_service:
acquisition_path: /etc/crowdsec/acquis.yaml
acquisition_dir: /etc/crowdsec/acquis.d
parser_routines: 1
cscli:
output: human
color: auto
db_config:
log_level: info
type: sqlite
db_path: /var/lib/crowdsec/data/crowdsec.db
#max_open_conns: 100
#user:
#password:
#db_name:
#host:
#port:
flush:
max_items: 5000
max_age: 7d
plugin_config:
user: nobody # plugin process would be ran on behalf of this user
group: nogroup # plugin process would be ran on behalf of this group
api:
client:
insecure_skip_verify: false
credentials_path: /etc/crowdsec/local_api_credentials.yaml
server:
log_level: info
listen_uri: 127.0.0.1:8080
profiles_path: /etc/crowdsec/profiles.yaml
console_path: /etc/crowdsec/console.yaml
online_client: # Central API credentials (to push signals and receive bad IPs)
credentials_path: /etc/crowdsec/online_api_credentials.yaml
trusted_ips: # IP ranges, or IPs which can have admin API access
- 127.0.0.1
- ::1
# tls:
# cert_file: /etc/crowdsec/ssl/cert.pem
# key_file: /etc/crowdsec/ssl/key.pem
prometheus:
enabled: true
level: full
listen_addr: 127.0.0.1
listen_port: 6060
it seems like when I put the IP address in there, it stops it from starting. I removed the username and password from the file, and it still won’t start. But I change it back to 10.0.0.1:3000 and it starts fine. But again, I can’t enroll it in the dashboard because it changes the url line in that file.
Hi, yes as explained in your Discord thread (I think you’re the same user that asked the same question in Discord), It’s impossible to connect to the dashboard by modifying this file. This file is only for the agent to connect to the local API. Depend, on which dashboard you want to set up.
The online dashboard app.crowdsec.net ? or the local one using Metabase?
The online dashboard can be setup by creating an account at app.crowdsec.net and then enrolling your crowdsec instance. cscli enroll <YOUR_ENROLL_KEY> , the enroll key can be fetched from the console.
The local dashboard (metabase), can be setup using cscli: cscli dashboard setup --listen <ADDR> -p <PORT> --password <password>
Any chance someone has any EnSite that might help to resolve this issue?
After running "docker exec -it crowdsec cscli hub update i now can not restart container. it wont run logs show
time=“2025-05-15T15:27:20-04:00” level=fatal msg=“api server init: unable to run plugin broker: while loading plugin: binary for plugin http_gotify not found”
I have tried many things. When I comment out the plugin files in profiles.yaml it lets me boot the conatienr. And then I ran “cscli hub update --with-content” and after that I ran “cscli hub upgade”.
Then a typed reboot into the conatiner shell and it rebooted fine. then i exited the container. Then I uncommented the http-default(- http-gotify) and email-default notifications in profile.yaml again
before issuing a “docker compose down && docker compose up -d --force-recreate --remove-orphans” command, but the container still wont load and says the same error about missing plugin binaries.
While it was still running and I was still inside the conatienrs shell I looked in the plugins dir with ls /usr/local/lib/crowdsec/plugins/ but nothing was present. How can I enable this functionality
again with out bricking crowdsec??? PLEASE HELP…
for context this it the content of both files. “profiles.yaml”
debug: false
filters:
- Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
- type: ban
duration: 4h
#duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
notifications:
# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
- http_gotify # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
- email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
on_success: break ```
name: http_gotify # http_default # http_default # Must match the registered plugin in the profile
# One of "trace", "debug", "info", "warn", "error", "off"
log_level: info
# group_wait: # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
# group_threshold: # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
# max_retry: # Number of attempts to relay messages to plugins in case of error
# timeout: # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
#-------------------------
# plugin-specific options
# The following template receives a list of models.Alert objects
# The output goes in the http request body
format: |
{{ range . -}}
{{ $alert := . -}}
{
"extras": {
"client::display": {
"contentType": "text/markdown"
}
},
"priority": 3,
{{range .Decisions -}}
"title": "{{.Type }} {{ .Value }} for {{.Duration}}",
"message": "{{.Scenario}} \n\n[crowdsec cti](https://app.crowdsec.net/cti/{{.Value -}}) \n\n[shodan](https://shodan.io/host/{{.Value -}})"
{{end -}}
}
{{ end -}}
# The plugin will make requests to this url, eg: https://www.example.com/
url: https://gotify.<<REDACTED>>.com/message
# Any of the http verbs: "POST", "GET", "PUT"...
method: POST
headers:
X-Gotify-Key: <<REDACTED>>
Content-Type: application/json
# skip_tls_verification: # true or false. Default is false ```