
Docker container requires restart right after creation #3114


Simbiat commented Jul 8, 2024

What happened?

When creating the Docker container for the first time, you can see some warnings/errors in the logs like

time="2024-07-08T08:53:48Z" level=warning msg="scenario list is empty, will not pull yet"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ips.txt: no such file or directory"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ip6s.txt: no such file or directory"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.txt: no such file or directory"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.regex: no such file or directory"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/ip_seo_bots.txt: no such file or directory"

Not sure about the first one, but the rest seem strange, because these files are created in staging before we get to this point (or at least it looks that way), and copying of the files from there should be happening after collections installation, if I am reading docker_start.sh correctly.
As a result, to truly utilize the container I am forced to restart it (or at least the CrowdSec service). Technically, the same is required in case I update Docker Compose and add/remove some collections/parsers/configs. The need for a restart may not be obvious, though, if I do up -d and the output from CrowdSec goes to the container instead of a file. And technically, this should not even be required, since the service is not even up yet.

What did you expect to happen?

The

rsync -av --ignore-existing /staging/etc/crowdsec/* /etc/crowdsec

should happen after components installation/removal, that is after

if [ "$DISABLE_APPSEC_RULES" != "" ]; then
    # shellcheck disable=SC2086
    cscli_if_clean appsec-rules remove "$DISABLE_APPSEC_RULES" --force
fi

How can we reproduce it (as minimally and precisely as possible)?

Have a docker compose service like this:

  crowdsec:
    #Based on https://github.com/crowdsecurity/example-docker-compose/tree/main/caddy
    container_name: crowdsec
    image: crowdsecurity/crowdsec:latest
    restart: unless-stopped
    environment:
      GID: 1000
      COLLECTIONS: crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve crowdsecurity/http-dos crowdsecurity/base-http-scenarios crowdsecurity/appsec-crs crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-wordpress crowdsecurity/wordpress crowdsecurity/discord-crawler-whitelist
      BOUNCER_KEY_CADDY: ${CROWDSEC_API_KEY}
    networks:
      webserver:
        ipv4_address: 172.21.0.12
    ports:
      - "8080:8080"
    volumes:
      - ${CROWDSEC_DATA_DIR}:/var/lib/crowdsec/data/:rw
      - ./config/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - ./config/crowdsec/acquis.d:/etc/crowdsec/acquis.d/:ro
      - ./config/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml.local:ro
      - ./config/crowdsec/online_api_credentials.yaml:/etc/crowdsec/online_api_credentials.yaml:ro
      #Required to read syslog. This will be valid only on UNIX
      - /var/log/:/var/log/:ro
      #Caddy logs folder is RW, because we're also writing Crowdsec logs here
      - ./logs:/usr/local/logs/:rw
    security_opt:
      - no-new-privileges=true
    healthcheck:
      test: [ "CMD", "cscli", "lapi", "status" ]
      start_period: 120s
      interval: 10s
      timeout: 5s
      retries: 3

Create and start the container

Anything else we need to know?

No response

Crowdsec version

version: v1.6.2-16bfab86
Codename: alphaga
BuildDate: 2024-06-05_14:25:55
GoVersion: 1.22.3
Platform: docker
libre2: C++
User-Agent: crowdsec/v1.6.2-16bfab86-docker
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0

OS version

BuildNumber  Caption                   OSArchitecture  Version
22631        Microsoft Windows 11 Pro  64-bit          10.0.22631

Enabled collections and parsers

name,status,version,description,type
crowdsecurity/appsec-logs,enabled,0.5,Parse Appsec events,parsers
crowdsecurity/caddy-logs,enabled,0.8,Parse caddy logs,parsers
crowdsecurity/cri-logs,enabled,0.1,CRI logging format parser,parsers
crowdsecurity/dateparse-enrich,enabled,0.2,,parsers
crowdsecurity/docker-logs,enabled,0.1,docker json logs parser,parsers
crowdsecurity/geoip-enrich,"enabled,update-available",0.3,"Populate event with geoloc info : as, country, coords, source range.",parsers
crowdsecurity/http-logs,enabled,1.2,"Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource",parsers
crowdsecurity/sshd-logs,"enabled,update-available",2.3,Parse openSSH logs,parsers
crowdsecurity/syslog-logs,enabled,0.8,,parsers
crowdsecurity/whitelists,enabled,0.2,Whitelist events from private ipv4 addresses,parsers
crowdsecurity/cdn-whitelist,enabled,0.4,Whitelist CDN providers,postoverflows
crowdsecurity/discord-crawler-whitelist,enabled,0.1,Discord PTR whitelist,postoverflows
crowdsecurity/rdns,enabled,0.3,Lookup the DNS associated to the source IP only for overflows,postoverflows
crowdsecurity/seo-bots-whitelist,enabled,0.5,Whitelist good search engine crawlers,postoverflows
crowdsecurity/apache_log4j2_cve-2021-44228,enabled,0.6,Detect cve-2021-44228 exploitation attemps,scenarios
crowdsecurity/appsec-vpatch,enabled,0.5,Identify attacks flagged by CrowdSec AppSec,scenarios
crowdsecurity/CVE-2017-9841,enabled,0.2,Detect CVE-2017-9841 exploits,scenarios
crowdsecurity/CVE-2019-18935,enabled,0.2,Detect Telerik CVE-2019-18935 exploitation attempts,scenarios
crowdsecurity/CVE-2022-26134,enabled,0.2,Detect CVE-2022-26134 exploits,scenarios
crowdsecurity/CVE-2022-35914,enabled,0.2,Detect CVE-2022-35914 exploits,scenarios
crowdsecurity/CVE-2022-37042,enabled,0.2,Detect CVE-2022-37042 exploits,scenarios
crowdsecurity/CVE-2022-40684,enabled,0.3,Detect cve-2022-40684 exploitation attempts,scenarios
crowdsecurity/CVE-2022-41082,enabled,0.4,Detect CVE-2022-41082 exploits,scenarios
crowdsecurity/CVE-2022-41697,enabled,0.2,Detect CVE-2022-41697 enumeration,scenarios
crowdsecurity/CVE-2022-42889,enabled,0.3,Detect CVE-2022-42889 exploits (Text4Shell),scenarios
crowdsecurity/CVE-2022-44877,enabled,0.3,Detect CVE-2022-44877 exploits,scenarios
crowdsecurity/CVE-2022-46169,enabled,0.2,Detect CVE-2022-46169 brute forcing,scenarios
crowdsecurity/CVE-2023-22515,enabled,0.1,Detect CVE-2023-22515 exploitation,scenarios
crowdsecurity/CVE-2023-22518,enabled,0.2,Detect CVE-2023-22518 exploits,scenarios
crowdsecurity/CVE-2023-49103,enabled,0.3,Detect owncloud CVE-2023-49103 exploitation attempts,scenarios
crowdsecurity/f5-big-ip-cve-2020-5902,enabled,0.2,Detect cve-2020-5902 exploitation attemps,scenarios
crowdsecurity/fortinet-cve-2018-13379,enabled,0.3,Detect cve-2018-13379 exploitation attemps,scenarios
crowdsecurity/grafana-cve-2021-43798,enabled,0.2,Detect cve-2021-43798 exploitation attemps,scenarios
crowdsecurity/http-admin-interface-probing,enabled,0.4,Detect generic HTTP admin interface probing,scenarios
crowdsecurity/http-backdoors-attempts,enabled,0.6,Detect attempt to common backdoors,scenarios
crowdsecurity/http-bad-user-agent,enabled,1.2,Detect usage of bad User Agent,scenarios
crowdsecurity/http-bf-wordpress_bf,enabled,0.7,Detect WordPress bruteforce on admin interface,scenarios
crowdsecurity/http-crawl-non_statics,enabled,0.7,Detect aggressive crawl on non static resources,scenarios
crowdsecurity/http-cve-2021-41773,enabled,0.2,cve-2021-41773,scenarios
crowdsecurity/http-cve-2021-42013,enabled,0.2,cve-2021-42013,scenarios
crowdsecurity/http-cve-probing,enabled,0.2,Detect generic HTTP cve probing,scenarios
crowdsecurity/http-dos-bypass-cache,enabled,0.5,Detect DoS tools bypassing cache every request,scenarios
crowdsecurity/http-dos-invalid-http-versions,enabled,0.7,Detect DoS tools using invalid HTTP versions,scenarios
crowdsecurity/http-dos-random-uri,enabled,0.4,Detect DoS tools using random uri,scenarios
crowdsecurity/http-dos-switching-ua,enabled,0.5,Detect DoS tools switching user-agent too fast,scenarios
crowdsecurity/http-generic-bf,enabled,0.6,Detect generic http brute force,scenarios
crowdsecurity/http-open-proxy,enabled,0.5,Detect scan for open proxy,scenarios
crowdsecurity/http-path-traversal-probing,enabled,0.4,Detect path traversal attempt,scenarios
crowdsecurity/http-probing,enabled,0.4,Detect site scanning/probing from a single ip,scenarios
crowdsecurity/http-sensitive-files,enabled,0.4,"Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)",scenarios
crowdsecurity/http-sqli-probing,enabled,0.4,A scenario that detects SQL injection probing with minimal false positives,scenarios
crowdsecurity/http-wordpress-scan,enabled,0.2,Detect WordPress scan: vuln hunting,scenarios
crowdsecurity/http-wordpress_user-enum,enabled,0.3,Detect WordPress probing: authors enumeration,scenarios
crowdsecurity/http-wordpress_wpconfig,enabled,0.3,Detect WordPress probing: variations around wp-config.php by wpscan,scenarios
crowdsecurity/http-xss-probing,enabled,0.4,A scenario that detects XSS probing with minimal false positives,scenarios
crowdsecurity/jira_cve-2021-26086,enabled,0.3,Detect Atlassian Jira CVE-2021-26086 exploitation attemps,scenarios
crowdsecurity/netgear_rce,enabled,0.3,Detect Netgear RCE DGN1000/DGN220 exploitation attempts,scenarios
crowdsecurity/pulse-secure-sslvpn-cve-2019-11510,enabled,0.3,Detect cve-2019-11510 exploitation attemps,scenarios
crowdsecurity/spring4shell_cve-2022-22965,enabled,0.3,Detect cve-2022-22965 probing,scenarios
crowdsecurity/ssh-bf,enabled,0.3,Detect ssh bruteforce,scenarios
crowdsecurity/ssh-slow-bf,enabled,0.4,Detect slow ssh bruteforce,scenarios
crowdsecurity/thinkphp-cve-2018-20062,enabled,0.6,Detect ThinkPHP CVE-2018-20062 exploitation attemps,scenarios
crowdsecurity/vmware-cve-2022-22954,enabled,0.3,Detect Vmware CVE-2022-22954 exploitation attempts,scenarios
crowdsecurity/vmware-vcenter-vmsa-2021-0027,enabled,0.2,Detect VMSA-2021-0027 exploitation attemps,scenarios
ltsich/http-w00tw00t,enabled,0.2,detect w00tw00t,scenarios
crowdsecurity/appsec_base,enabled,0.2,,contexts
crowdsecurity/bf_base,enabled,0.1,,contexts
crowdsecurity/http_base,enabled,0.2,,contexts
crowdsecurity/appsec-default,enabled,0.1,,appsec-configs
crowdsecurity/crs,enabled,0.2,,appsec-configs
crowdsecurity/generic-rules,enabled,0.3,,appsec-configs
crowdsecurity/virtual-patching,enabled,0.4,,appsec-configs
crowdsecurity/base-config,enabled,0.1,,appsec-rules
crowdsecurity/crs,enabled,0.4,,appsec-rules
crowdsecurity/generic-freemarker-ssti,enabled,0.3,Generic FreeMarker SSTI,appsec-rules
crowdsecurity/vpatch-connectwise-auth-bypass,enabled,0.3,Detect exploitation of auth bypass in ConnectWise ScreenConnect,appsec-rules
crowdsecurity/vpatch-CVE-2017-9841,enabled,0.3,PHPUnit RCE (CVE-2017-9841),appsec-rules
crowdsecurity/vpatch-CVE-2018-1000861,enabled,0.1,Jenkins - RCE (CVE-2018-1000861),appsec-rules
crowdsecurity/vpatch-CVE-2018-10562,enabled,0.2,Dasan GPON RCE (CVE-2018-10562),appsec-rules
crowdsecurity/vpatch-CVE-2019-1003030,enabled,0.1,Jenkins - RCE (CVE-2019-1003030),appsec-rules
crowdsecurity/vpatch-CVE-2019-12989,enabled,0.3,Citrix SQLi (CVE-2019-12989),appsec-rules
crowdsecurity/vpatch-CVE-2020-11738,enabled,0.6,Wordpress Snap Creek Duplicator - Path Traversal (CVE-2020-11738),appsec-rules
crowdsecurity/vpatch-CVE-2020-17496,enabled,0.1,vBulletin RCE (CVE-2020-17496),appsec-rules
crowdsecurity/vpatch-CVE-2021-22941,enabled,0.3,Citrix RCE (CVE-2021-22941),appsec-rules
crowdsecurity/vpatch-CVE-2021-3129,enabled,0.4,Laravel with Ignition Debug Mode RCE (CVE-2021-3129),appsec-rules
crowdsecurity/vpatch-CVE-2022-22954,enabled,0.2,VMWare Workspace ONE Access RCE (CVE-2022-22954),appsec-rules
crowdsecurity/vpatch-CVE-2022-22965,enabled,0.2,Spring4Shell - RCE (CVE-2022-22965),appsec-rules
crowdsecurity/vpatch-CVE-2022-27926,enabled,0.4,Zimbra Collaboration XSS (CVE-2022-27926),appsec-rules
crowdsecurity/vpatch-CVE-2022-35914,enabled,0.5,GLPI RCE (CVE-2022-35914),appsec-rules
crowdsecurity/vpatch-CVE-2022-44877,enabled,0.2,CentOS Web Panel 7 RCE (CVE-2022-44877),appsec-rules
crowdsecurity/vpatch-CVE-2022-46169,enabled,0.5,Cacti RCE (CVE-2022-46169),appsec-rules
crowdsecurity/vpatch-CVE-2023-0600,enabled,0.1,WP Visitor Statistics - SQL Injection (CVE-2023-0600),appsec-rules
crowdsecurity/vpatch-CVE-2023-0900,enabled,0.1,AP Pricing Tables Lite - SQL Injection (CVE-2023-0900),appsec-rules
crowdsecurity/vpatch-CVE-2023-1389,enabled,0.1,TP-Link Archer AX21 - RCE (CVE-2023-1389),appsec-rules
crowdsecurity/vpatch-CVE-2023-2009,enabled,0.1,Pretty Url - XSS (CVE-2023-2009),appsec-rules
crowdsecurity/vpatch-CVE-2023-20198,enabled,0.6,CISCO IOS XE Account Creation (CVE-2023-20198),appsec-rules
crowdsecurity/vpatch-CVE-2023-22515,enabled,0.4,Atlassian Confluence Privesc (CVE-2023-22515),appsec-rules
crowdsecurity/vpatch-CVE-2023-22527,enabled,0.2,RCE using SSTI in Confluence (CVE-2023-22527),appsec-rules
crowdsecurity/vpatch-CVE-2023-23488,enabled,0.2,Wordpress Paid Memberships Pro Blind SQLi (CVE-2023-23488),appsec-rules
crowdsecurity/vpatch-CVE-2023-23489,enabled,0.1,WordPress Easy Digital Downloads plugin SQL injection (CVE-2023-23489),appsec-rules
crowdsecurity/vpatch-CVE-2023-23752,enabled,0.1,Joomla! Webservice - Password Disclosure (CVE-2023-23752),appsec-rules
crowdsecurity/vpatch-CVE-2023-24489,enabled,0.2,Citrix ShareFile RCE (CVE-2023-24489),appsec-rules
crowdsecurity/vpatch-CVE-2023-28121,enabled,0.1,WooCommerce auth bypass (CVE-2023-28121),appsec-rules
crowdsecurity/vpatch-CVE-2023-33617,enabled,0.4,Atlassian Confluence Privesc (CVE-2023-33617),appsec-rules
crowdsecurity/vpatch-CVE-2023-34362,enabled,0.6,MOVEit Transfer RCE (CVE-2023-34362),appsec-rules
crowdsecurity/vpatch-CVE-2023-35078,enabled,0.1,MobileIron Core Remote Unauthenticated API Access (CVE-2023-35078),appsec-rules
crowdsecurity/vpatch-CVE-2023-35082,enabled,0.2,MobileIron Core Remote Unauthenticated API Access (CVE-2023-35082),appsec-rules
crowdsecurity/vpatch-CVE-2023-3519,enabled,0.3,Citrix RCE (CVE-2023-3519),appsec-rules
crowdsecurity/vpatch-CVE-2023-38205,enabled,0.3,Adobe ColdFusion Access Control Bypass (CVE-2023-38205),appsec-rules
crowdsecurity/vpatch-CVE-2023-40044,enabled,0.3,WS_FTP .NET deserialize RCE (CVE-2023-40044),appsec-rules
crowdsecurity/vpatch-CVE-2023-42793,enabled,0.3,JetBrains Teamcity Auth Bypass (CVE-2023-42793),appsec-rules
crowdsecurity/vpatch-CVE-2023-4634,enabled,0.2,Media Library Assistant - RCE 2023 4634,appsec-rules
crowdsecurity/vpatch-CVE-2023-46805,enabled,0.4,Ivanti Connect Auth Bypass (CVE-2023-46805),appsec-rules
crowdsecurity/vpatch-CVE-2023-49070,enabled,0.1,Apache OFBiz - RCE (CVE-2023-49070),appsec-rules
crowdsecurity/vpatch-CVE-2023-50164,enabled,0.6,Apache Struts2 Path Traversal (CVE-2023-50164),appsec-rules
crowdsecurity/vpatch-CVE-2023-6360,enabled,0.1,WordPress My Calendar - SQL Injection (CVE-2023-6360),appsec-rules
crowdsecurity/vpatch-CVE-2023-6553,enabled,0.1,Backup Migration plugin for WordPress RCE (CVE-2023-6553),appsec-rules
crowdsecurity/vpatch-CVE-2023-6567,enabled,0.1,LearnPress - SQL Injection (CVE-2023-6567),appsec-rules
crowdsecurity/vpatch-CVE-2023-6623,enabled,0.1,Wordpress Essential Blocks plugin LFI (CVE-2023-6623),appsec-rules
crowdsecurity/vpatch-CVE-2023-7028,enabled,0.2,Gitlab Password Reset Account Takeover (CVE-2023-7028),appsec-rules
crowdsecurity/vpatch-CVE-2024-1061,enabled,0.1,WordPress HTML5 Video Player - SQL Injection (CVE-2024-1061),appsec-rules
crowdsecurity/vpatch-CVE-2024-1071,enabled,0.2,WordPress Ultimate Member - SQL Injection (CVE-2024-1071),appsec-rules
crowdsecurity/vpatch-CVE-2024-1212,enabled,0.3,Progress Kemp LoadMaster Unauthenticated Command Injection (CVE-2024-1212),appsec-rules
crowdsecurity/vpatch-CVE-2024-22024,enabled,0.1,Ivanti Connect Secure - XXE (CVE-2024-22024),appsec-rules
crowdsecurity/vpatch-CVE-2024-23897,enabled,0.4,Jenkins CLI RCE (CVE-2024-23897),appsec-rules
crowdsecurity/vpatch-CVE-2024-27198,enabled,0.4,Teamcity - Authentication Bypass (CVE-2024-27198),appsec-rules
crowdsecurity/vpatch-CVE-2024-29849,enabled,0.5,Veeam Backup Enterprise Manager - Authentication Bypass (CVE-2024-29849),appsec-rules
crowdsecurity/vpatch-CVE-2024-3273,enabled,0.1,D-LINK NAS Command Injection (CVE-2024-3273),appsec-rules
crowdsecurity/vpatch-CVE-2024-4577,enabled,0.1,PHP CGI Command Injection - CVE-2024-4577,appsec-rules
crowdsecurity/vpatch-env-access,enabled,0.1,Detect access to .env files,appsec-rules
crowdsecurity/vpatch-laravel-debug-mode,enabled,0.3,Detect bots exploiting laravel debug mode,appsec-rules
crowdsecurity/vpatch-symfony-profiler,enabled,0.1,Detect abuse of symfony profiler,appsec-rules
crowdsecurity/appsec-crs,enabled,0.4,Appsec: Modsecurity core rule set rules,collections
crowdsecurity/appsec-generic-rules,enabled,0.5,A collection of generic attack vectors for additional protection.,collections
crowdsecurity/appsec-virtual-patching,enabled,2.8,"a generic virtual patching collection, suitable for most web servers.",collections
crowdsecurity/appsec-wordpress,enabled,0.2,"A virtual patching collection, suitable for WordPress websites",collections
crowdsecurity/base-http-scenarios,enabled,1.0,http common : scanners detection,collections
crowdsecurity/caddy,enabled,0.1,caddy support : parser and generic http scenarios,collections
crowdsecurity/discord-crawler-whitelist,enabled,0.1,Whitelist Discord PTR domains,collections
crowdsecurity/http-cve,enabled,2.6,Detect CVE exploitation in http logs,collections
crowdsecurity/http-dos,enabled,0.2,,collections
crowdsecurity/linux,"enabled,update-available",0.2,core linux support : syslog+geoip+ssh,collections
crowdsecurity/sshd,"enabled,update-available",0.3,sshd support : parser and brute-force detection,collections
crowdsecurity/whitelist-good-actors,enabled,0.1,Good actors whitelists,collections
crowdsecurity/wordpress,enabled,0.5,wordpress: Bruteforce protection and config probing,collections

Acquisition config

filenames:
  - /usr/local/logs/access.log
labels:
  type: caddy
---
filenames:
  - /usr/local/logs/mariadb.log
labels:
  type: mariadb
---
filenames:
  - /var/log/auth.log
  - /var/log/syslog
labels:
  type: syslog

Config show

Global:
   - Configuration Folder   : /etc/crowdsec
   - Data Folder            : /var/lib/crowdsec/data
   - Hub Folder             : /etc/crowdsec/hub
   - Simulation File        : /etc/crowdsec/simulation.yaml
   - Log Folder             : /usr/local/logs
   - Log level              : warning
   - Log Media              : file
Crowdsec:
  - Acquisition File        : /etc/crowdsec/acquis.yaml
  - Parsers routines        : 1
  - Acquisition Folder      : /etc/crowdsec/acquis.d
cscli:
  - Output                  : human
  - Hub Branch              : 
API Client:
  - URL                     : http://0.0.0.0:8080/
  - Login                   : localhost
  - Credentials File        : /etc/crowdsec/local_api_credentials.yaml
Local API Server:
  - Listen URL              : 0.0.0.0:8080
  - Listen Socket           : 
  - Profile File            : /etc/crowdsec/profiles.yaml

  - Trusted IPs:
      - 127.0.0.1
      - ::1
      - 172.21.0.0/16
  - Database:
      - Type                : sqlite
      - Path                : /var/lib/crowdsec/data/crowdsec.db
      - Flush age           : 7d
      - Flush size          : 5000

Prometheus metrics

N/A

Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.

N/A

Simbiat added the kind/bug (Something isn't working) label Jul 8, 2024

github-actions bot commented Jul 8, 2024

@Simbiat: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.


LaurenceJJones commented Jul 8, 2024

Struggling to replicate the issue, could be an external factor (onedrive sync) or WSL specific.

The files are not created before the collection is installed; within the staging directory is everything for /etc/crowdsec, and the datafiles are within /var/lib/crowdsec/data/, so it could be that this directory has some issue?

Logs within details:

root@bookworm:/tmp# docker compose up
[+] Running 1/0
✔ Container crowdsec  Recreated                                                                                                                                                              0.1s
Attaching to crowdsec
crowdsec  | Populating configuration directory...
crowdsec  | sending incremental file list
crowdsec  | acquis.yaml
crowdsec  | config.yaml
crowdsec  | console.yaml
crowdsec  | dev.yaml
crowdsec  | local_api_credentials.yaml
crowdsec  | online_api_credentials.yaml
crowdsec  | profiles.yaml
crowdsec  | simulation.yaml
crowdsec  | user.yaml
crowdsec  | acquis.d/
crowdsec  | appsec-configs/
crowdsec  | appsec-rules/
crowdsec  | collections/
crowdsec  | collections/linux.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/linux.yaml
crowdsec  | collections/sshd.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/sshd.yaml
crowdsec  | console/
crowdsec  | console/context.yaml
crowdsec  | contexts/
crowdsec  | contexts/bf_base.yaml -> /etc/crowdsec/hub/contexts/crowdsecurity/bf_base.yaml
crowdsec  | hub/
crowdsec  | hub/.index.json
crowdsec  | hub/collections/
crowdsec  | hub/collections/crowdsecurity/
crowdsec  | hub/collections/crowdsecurity/linux.yaml
crowdsec  | hub/collections/crowdsecurity/sshd.yaml
crowdsec  | hub/contexts/
crowdsec  | hub/contexts/crowdsecurity/
crowdsec  | hub/contexts/crowdsecurity/bf_base.yaml
crowdsec  | hub/parsers/
crowdsec  | hub/parsers/s00-raw/
crowdsec  | hub/parsers/s00-raw/crowdsecurity/
crowdsec  | hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml
crowdsec  | hub/parsers/s01-parse/
crowdsec  | hub/parsers/s01-parse/crowdsecurity/
crowdsec  | hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
crowdsec  | hub/parsers/s02-enrich/
crowdsec  | hub/parsers/s02-enrich/crowdsecurity/
crowdsec  | hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
crowdsec  | hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
crowdsec  | hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml
crowdsec  | hub/scenarios/
crowdsec  | hub/scenarios/crowdsecurity/
crowdsec  | hub/scenarios/crowdsecurity/ssh-bf.yaml
crowdsec  | hub/scenarios/crowdsecurity/ssh-slow-bf.yaml
crowdsec  | notifications/
crowdsec  | notifications/email.yaml
crowdsec  | notifications/http.yaml
crowdsec  | notifications/sentinel.yaml
crowdsec  | notifications/slack.yaml
crowdsec  | notifications/splunk.yaml
crowdsec  | parsers/
crowdsec  | parsers/s00-raw/
crowdsec  | parsers/s00-raw/syslog-logs.yaml -> /etc/crowdsec/hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml
crowdsec  | parsers/s01-parse/
crowdsec  | parsers/s01-parse/sshd-logs.yaml -> /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
crowdsec  | parsers/s02-enrich/
crowdsec  | parsers/s02-enrich/dateparse-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
crowdsec  | parsers/s02-enrich/geoip-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
crowdsec  | parsers/s02-enrich/whitelists.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml
crowdsec  | patterns/
crowdsec  | patterns/aws
crowdsec  | patterns/bacula
crowdsec  | patterns/bro
crowdsec  | patterns/cowrie_honeypot
crowdsec  | patterns/exim
crowdsec  | patterns/firewalls
crowdsec  | patterns/haproxy
crowdsec  | patterns/java
crowdsec  | patterns/junos
crowdsec  | patterns/linux-syslog
crowdsec  | patterns/mcollective
crowdsec  | patterns/modsecurity
crowdsec  | patterns/mongodb
crowdsec  | patterns/mysql
crowdsec  | patterns/nagios
crowdsec  | patterns/nginx
crowdsec  | patterns/paths
crowdsec  | patterns/postgresql
crowdsec  | patterns/rails
crowdsec  | patterns/redis
crowdsec  | patterns/ruby
crowdsec  | patterns/smb
crowdsec  | patterns/ssh
crowdsec  | patterns/tcpdump
crowdsec  | postoverflows/
crowdsec  | scenarios/
crowdsec  | scenarios/ssh-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-bf.yaml
crowdsec  | scenarios/ssh-slow-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-slow-bf.yaml
crowdsec  |
crowdsec  | sent 1,248,943 bytes  received 1,128 bytes  2,500,142.00 bytes/sec
crowdsec  | total size is 1,244,280  speedup is 1.00
crowdsec  | Error: no matches found
crowdsec  | Generate local agent credentials
crowdsec  | Machine 'localhost' successfully added to the local API.
crowdsec  | API credentials written to '/etc/crowdsec/local_api_credentials.yaml'.
crowdsec  | Check if lapi needs to register an additional agent
crowdsec  | time="2024-07-08T10:39:39Z" level=warning msg="can't load CAPI credentials from '/etc/crowdsec//online_api_credentials.yaml' (missing login field)"
crowdsec  | time="2024-07-08T10:39:41Z" level=info msg="Successfully registered to Central API (CAPI)"
crowdsec  | time="2024-07-08T10:39:41Z" level=info msg="Central API credentials written to '/etc/crowdsec//online_api_credentials.yaml'"
crowdsec  | time="2024-07-08T10:39:41Z" level=warning msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Registration to online API done
crowdsec  | sqlite database permissions updated
crowdsec  | time="2024-07-08T10:39:41Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:41Z" level=info msg="Wrote index to /etc/crowdsec/hub/.index.json, 1207438 bytes"
crowdsec  | time="2024-07-08T10:39:41Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:41Z" level=info msg="Upgrading parsers"
crowdsec  | time="2024-07-08T10:39:41Z" level=info msg="crowdsecurity/dateparse-enrich: up-to-date"
crowdsec  | time="2024-07-08T10:39:41Z" level=info msg="crowdsecurity/whitelists: up-to-date"
crowdsec  | time="2024-07-08T10:39:41Z" level=info msg="crowdsecurity/geoip-enrich: up-to-date"
crowdsec  | time="2024-07-08T10:39:41Z" level=info msg="new version available, updating /var/lib/crowdsec/data/GeoLite2-City.mmdb"
crowdsec  | updated GeoLite2-City.mmdb
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="new version available, updating /var/lib/crowdsec/data/GeoLite2-ASN.mmdb"
crowdsec  | updated GeoLite2-ASN.mmdb
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/syslog-logs: up-to-date"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/sshd-logs: up-to-date"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 parsers"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgrading postoverflows"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 postoverflows"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgrading scenarios"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/ssh-slow-bf: up-to-date"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/ssh-bf: up-to-date"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 scenarios"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgrading contexts"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/bf_base: up-to-date"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 contexts"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgrading appsec-configs"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 appsec-configs"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgrading appsec-rules"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 appsec-rules"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgrading collections"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/linux: up-to-date"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/sshd: up-to-date"
crowdsec  | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 collections"
crowdsec  | Running: cscli  parsers install "crowdsecurity/docker-logs"
crowdsec  | time="2024-07-08T10:39:44Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/docker-logs: OK"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled parsers: crowdsecurity/docker-logs"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled crowdsecurity/docker-logs"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  parsers install "crowdsecurity/cri-logs"
crowdsec  | time="2024-07-08T10:39:45Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/cri-logs: OK"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled parsers: crowdsecurity/cri-logs"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled crowdsecurity/cri-logs"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/caddy"
crowdsec  | time="2024-07-08T10:39:45Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/caddy-logs: OK"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled parsers: crowdsecurity/caddy-logs"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-logs: OK"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled parsers: crowdsecurity/http-logs"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-crawl-non_statics: OK"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-crawl-non_statics"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-probing: OK"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-probing"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-bad-user-agent: OK"
crowdsec  | updated bad_user_agents.regex.txt
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-bad-user-agent"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-path-traversal-probing: OK"
crowdsec  | updated http_path_traversal.txt
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-path-traversal-probing"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-sensitive-files: OK"
crowdsec  | updated sensitive_data.txt
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-sensitive-files"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-sqli-probing: OK"
crowdsec  | updated sqli_probe_patterns.txt
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-sqli-probing"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-xss-probing: OK"
crowdsec  | updated xss_probe_patterns.txt
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-xss-probing"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-backdoors-attempts: OK"
crowdsec  | updated backdoors.txt
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-backdoors-attempts"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="ltsich/http-w00tw00t: OK"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: ltsich/http-w00tw00t"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-generic-bf: OK"
crowdsec  | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-generic-bf"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-open-proxy: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-open-proxy"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-admin-interface-probing: OK"
crowdsec  | updated admin_interfaces.txt
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-admin-interface-probing"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-wordpress-scan: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-wordpress-scan"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-cve-probing: OK"
crowdsec  | updated trendy_cves.txt
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-cve-probing"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http_base: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled contexts: crowdsecurity/http_base"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-cve-2021-41773: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-cve-2021-41773"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-cve-2021-42013: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-cve-2021-42013"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/grafana-cve-2021-43798: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/grafana-cve-2021-43798"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/vmware-vcenter-vmsa-2021-0027: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/vmware-vcenter-vmsa-2021-0027"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/fortinet-cve-2018-13379: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/fortinet-cve-2018-13379"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/pulse-secure-sslvpn-cve-2019-11510: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/pulse-secure-sslvpn-cve-2019-11510"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/f5-big-ip-cve-2020-5902: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/f5-big-ip-cve-2020-5902"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/thinkphp-cve-2018-20062: OK"
crowdsec  | updated thinkphp_cve_2018-20062.txt
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/thinkphp-cve-2018-20062"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/apache_log4j2_cve-2021-44228: OK"
crowdsec  | updated log4j2_cve_2021_44228.txt
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/apache_log4j2_cve-2021-44228"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/jira_cve-2021-26086: OK"
crowdsec  | updated jira_cve_2021-26086.txt
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/jira_cve-2021-26086"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/spring4shell_cve-2022-22965: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/spring4shell_cve-2022-22965"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/vmware-cve-2022-22954: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/vmware-cve-2022-22954"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-37042: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-37042"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-41082: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-41082"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-35914: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-35914"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-40684: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-40684"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-26134: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-26134"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-42889: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-42889"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-41697: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-41697"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-46169: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-46169"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-44877: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-44877"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2019-18935: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2019-18935"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/netgear_rce: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/netgear_rce"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2023-22515: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-22515"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2023-22518: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-22518"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2023-49103: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-49103"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2017-9841: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2017-9841"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-cve: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=warning msg="crowdsecurity/http-cve: overwrite"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/base-http-scenarios: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=warning msg="crowdsecurity/base-http-scenarios: overwrite"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/caddy: OK"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled collections: crowdsecurity/http-cve"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled collections: crowdsecurity/base-http-scenarios"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled collections: crowdsecurity/caddy"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Enabled crowdsecurity/caddy"
crowdsec  | time="2024-07-08T10:39:46Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/whitelist-good-actors"
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/seo-bots-whitelist: OK"
crowdsec  | updated rdns_seo_bots.txt
crowdsec  | updated rdns_seo_bots.regex
crowdsec  | updated ip_seo_bots.txt
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="Enabled postoverflows: crowdsecurity/seo-bots-whitelist"
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/cdn-whitelist: OK"
crowdsec  | updated cloudflare_ips.txt
crowdsec  | updated cloudflare_ip6s.txt
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="Enabled postoverflows: crowdsecurity/cdn-whitelist"
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/rdns: OK"
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="Enabled postoverflows: crowdsecurity/rdns"
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/whitelist-good-actors: OK"
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="Enabled collections: crowdsecurity/whitelist-good-actors"
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="Enabled crowdsecurity/whitelist-good-actors"
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/http-cve"
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/http-cve-2021-41773: overwrite"
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/http-cve-2021-42013: overwrite"
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/grafana-cve-2021-43798: overwrite"
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/vmware-vcenter-vmsa-2021-0027: overwrite"
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/fortinet-cve-2018-13379: overwrite"
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/pulse-secure-sslvpn-cve-2019-11510: overwrite"
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/f5-big-ip-cve-2020-5902: overwrite"
crowdsec  | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/thinkphp-cve-2018-20062: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/apache_log4j2_cve-2021-44228: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/jira_cve-2021-26086: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/spring4shell_cve-2022-22965: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/vmware-cve-2022-22954: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-37042: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-41082: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-35914: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-40684: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-26134: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-42889: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-41697: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-46169: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-44877: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2019-18935: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/netgear_rce: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2023-22515: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2023-22518: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2023-49103: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2017-9841: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-cve: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists."
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Enabled collections: crowdsecurity/http-cve"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Enabled crowdsecurity/http-cve"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/http-dos"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos-bypass-cache: OK"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Enabled scenarios: crowdsecurity/http-dos-bypass-cache"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos-random-uri: OK"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Enabled scenarios: crowdsecurity/http-dos-random-uri"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos-switching-ua: OK"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Enabled scenarios: crowdsecurity/http-dos-switching-ua"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos-invalid-http-versions: OK"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Enabled scenarios: crowdsecurity/http-dos-invalid-http-versions"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos: OK"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Enabled collections: crowdsecurity/http-dos"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Enabled crowdsecurity/http-dos"
crowdsec  | time="2024-07-08T10:39:48Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/base-http-scenarios"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-logs: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-crawl-non_statics: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-probing: overwrite"
crowdsec  | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-bad-user-agent: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-path-traversal-probing: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-sensitive-files: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-sqli-probing: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-xss-probing: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-backdoors-attempts: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="ltsich/http-w00tw00t: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-generic-bf: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-open-proxy: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-admin-interface-probing: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-wordpress-scan: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-cve-probing: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http_base: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-cve-2021-41773: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-cve-2021-42013: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/grafana-cve-2021-43798: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/vmware-vcenter-vmsa-2021-0027: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/fortinet-cve-2018-13379: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/pulse-secure-sslvpn-cve-2019-11510: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/f5-big-ip-cve-2020-5902: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/thinkphp-cve-2018-20062: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/apache_log4j2_cve-2021-44228: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/jira_cve-2021-26086: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/spring4shell_cve-2022-22965: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/vmware-cve-2022-22954: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-37042: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-41082: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-35914: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-40684: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-26134: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-42889: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-41697: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-46169: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-44877: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2019-18935: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/netgear_rce: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2023-22515: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2023-22518: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2023-49103: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2017-9841: overwrite"
crowdsec  | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-cve: overwrite"
crowdsec  | time="2024-07-08T10:39:50Z" level=warning msg="crowdsecurity/http-cve: overwrite"
crowdsec  | time="2024-07-08T10:39:50Z" level=warning msg="crowdsecurity/base-http-scenarios: overwrite"
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists."
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="Enabled collections: crowdsecurity/http-cve"
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="/etc/crowdsec/collections/base-http-scenarios.yaml already exists."
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="Enabled collections: crowdsecurity/base-http-scenarios"
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="Enabled crowdsecurity/base-http-scenarios"
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/appsec-crs"
crowdsec  | time="2024-07-08T10:39:50Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="crowdsecurity/appsec-logs: OK"
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="Enabled parsers: crowdsecurity/appsec-logs"
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="crowdsecurity/crs: OK"
crowdsec  | time="2024-07-08T10:39:50Z" level=info msg="Enabled appsec-configs: crowdsecurity/crs"
crowdsec  | time="2024-07-08T10:39:51Z" level=info msg="crowdsecurity/crs: OK"
crowdsec  | updated crs-setup.conf
crowdsec  | updated REQUEST-901-INITIALIZATION.conf
crowdsec  | updated REQUEST-905-COMMON-EXCEPTIONS.conf
crowdsec  | updated REQUEST-911-METHOD-ENFORCEMENT.conf
crowdsec  | updated REQUEST-913-SCANNER-DETECTION.conf
crowdsec  | updated REQUEST-920-PROTOCOL-ENFORCEMENT.conf
crowdsec  | updated REQUEST-921-PROTOCOL-ATTACK.conf
crowdsec  | updated REQUEST-922-MULTIPART-ATTACK.conf
crowdsec  | updated REQUEST-930-APPLICATION-ATTACK-LFI.conf
crowdsec  | updated REQUEST-931-APPLICATION-ATTACK-RFI.conf
crowdsec  | updated REQUEST-932-APPLICATION-ATTACK-RCE.conf
crowdsec  | updated REQUEST-933-APPLICATION-ATTACK-PHP.conf
crowdsec  | updated REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
crowdsec  | updated REQUEST-941-APPLICATION-ATTACK-XSS.conf
crowdsec  | updated REQUEST-942-APPLICATION-ATTACK-SQLI.conf
crowdsec  | updated REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
crowdsec  | updated REQUEST-944-APPLICATION-ATTACK-JAVA.conf
crowdsec  | updated REQUEST-949-BLOCKING-EVALUATION.conf
crowdsec  | updated RESPONSE-950-DATA-LEAKAGES.conf
crowdsec  | updated RESPONSE-951-DATA-LEAKAGES-SQL.conf
crowdsec  | updated RESPONSE-952-DATA-LEAKAGES-JAVA.conf
crowdsec  | updated RESPONSE-953-DATA-LEAKAGES-PHP.conf
crowdsec  | updated RESPONSE-954-DATA-LEAKAGES-IIS.conf
crowdsec  | updated RESPONSE-955-WEB-SHELLS.conf
crowdsec  | updated RESPONSE-959-BLOCKING-EVALUATION.conf
crowdsec  | updated RESPONSE-980-CORRELATION.conf
crowdsec  | updated crawlers-user-agents.data
crowdsec  | updated iis-errors.data
crowdsec  | updated java-classes.data
crowdsec  | updated java-code-leakages.data
crowdsec  | updated java-errors.data
crowdsec  | updated lfi-os-files.data
crowdsec  | updated php-config-directives.data
crowdsec  | updated php-errors.data
crowdsec  | updated php-errors-pl2.data
crowdsec  | updated php-function-names-933150.data
crowdsec  | updated php-function-names-933151.data
crowdsec  | updated php-variables.data
crowdsec  | updated restricted-files.data
crowdsec  | updated restricted-upload.data
crowdsec  | updated scanners-headers.data
crowdsec  | updated scanners-urls.data
crowdsec  | updated scanners-user-agents.data
crowdsec  | updated scripting-user-agents.data
crowdsec  | updated sql-errors.data
crowdsec  | updated ssrf.data
crowdsec  | updated unix-shell.data
crowdsec  | updated web-shells-php.data
crowdsec  | updated windows-powershell-commands.data
crowdsec  | time="2024-07-08T10:39:54Z" level=info msg="Enabled appsec-rules: crowdsecurity/crs"
crowdsec  | time="2024-07-08T10:39:54Z" level=info msg="crowdsecurity/appsec-crs: OK"
crowdsec  | time="2024-07-08T10:39:54Z" level=info msg="Enabled collections: crowdsecurity/appsec-crs"
crowdsec  | time="2024-07-08T10:39:54Z" level=info msg="Enabled crowdsecurity/appsec-crs"
crowdsec  | time="2024-07-08T10:39:54Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/appsec-generic-rules"
crowdsec  | time="2024-07-08T10:39:54Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:54Z" level=warning msg="crowdsecurity/appsec-logs: overwrite"
crowdsec  | time="2024-07-08T10:39:54Z" level=info msg="crowdsecurity/appsec-vpatch: OK"
crowdsec  | time="2024-07-08T10:39:54Z" level=info msg="Enabled scenarios: crowdsecurity/appsec-vpatch"
crowdsec  | time="2024-07-08T10:39:54Z" level=info msg="crowdsecurity/appsec_base: OK"
crowdsec  | time="2024-07-08T10:39:54Z" level=info msg="Enabled contexts: crowdsecurity/appsec_base"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/generic-rules: OK"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="Enabled appsec-configs: crowdsecurity/generic-rules"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/appsec-default: OK"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="Enabled appsec-configs: crowdsecurity/appsec-default"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/base-config: OK"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="Enabled appsec-rules: crowdsecurity/base-config"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/generic-freemarker-ssti: OK"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="Enabled appsec-rules: crowdsecurity/generic-freemarker-ssti"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/appsec-generic-rules: OK"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="Enabled collections: crowdsecurity/appsec-generic-rules"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="Enabled crowdsecurity/appsec-generic-rules"
crowdsec  | time="2024-07-08T10:39:55Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/appsec-virtual-patching"
crowdsec  | time="2024-07-08T10:39:55Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/appsec-logs: overwrite"
crowdsec  | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/appsec-vpatch: overwrite"
crowdsec  | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/appsec_base: overwrite"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/virtual-patching: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-configs: crowdsecurity/virtual-patching"
crowdsec  | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/appsec-default: overwrite"
crowdsec  | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/base-config: overwrite"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-env-access: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-env-access"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-40044: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-40044"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2017-9841: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2017-9841"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2020-11738: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-11738"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-27926: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-27926"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-35914: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-35914"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-46169: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-46169"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-20198: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-20198"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-22515: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22515"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-33617: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-33617"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-34362: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-34362"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-3519: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-3519"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-42793: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-42793"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-50164: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-50164"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-38205: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-38205"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-24489: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-24489"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2021-3129: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-3129"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2021-22941: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-22941"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2019-12989: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-12989"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-44877: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-44877"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2018-10562: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-10562"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6553: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6553"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2018-1000861: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-1000861"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2019-1003030: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-1003030"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-22965: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22965"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-23752: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23752"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-49070: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-49070"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-laravel-debug-mode: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-laravel-debug-mode"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-28121: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-28121"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2020-17496: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-17496"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-1389: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-1389"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-7028: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-7028"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-46805: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-46805"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-23897: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-23897"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-22527: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22527"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-35078: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-35078"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-35082: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-35082"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-22954: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22954"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-1212: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1212"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-symfony-profiler: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-symfony-profiler"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-connectwise-auth-bypass: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-connectwise-auth-bypass"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-22024: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-22024"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-27198: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-27198"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-3273: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-3273"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/appsec-virtual-patching: OK"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled collections: crowdsecurity/appsec-virtual-patching"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Enabled crowdsecurity/appsec-virtual-patching"
crowdsec  | time="2024-07-08T10:39:56Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/appsec-wordpress"
crowdsec  | time="2024-07-08T10:39:56Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:39:57Z" level=warning msg="crowdsecurity/virtual-patching: overwrite"
crowdsec  | time="2024-07-08T10:39:57Z" level=warning msg="crowdsecurity/base-config: overwrite"
crowdsec  | time="2024-07-08T10:39:57Z" level=info msg="crowdsecurity/vpatch-CVE-2023-0600: OK"
crowdsec  | time="2024-07-08T10:39:57Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-0600"
crowdsec  | time="2024-07-08T10:39:57Z" level=info msg="crowdsecurity/vpatch-CVE-2023-0900: OK"
crowdsec  | time="2024-07-08T10:39:57Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-0900"
crowdsec  | time="2024-07-08T10:39:57Z" level=info msg="crowdsecurity/vpatch-CVE-2023-2009: OK"
crowdsec  | time="2024-07-08T10:39:57Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-2009"
crowdsec  | time="2024-07-08T10:39:58Z" level=info msg="crowdsecurity/vpatch-CVE-2023-23488: OK"
crowdsec  | time="2024-07-08T10:39:58Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23488"
crowdsec  | time="2024-07-08T10:39:58Z" level=info msg="crowdsecurity/vpatch-CVE-2023-23489: OK"
crowdsec  | time="2024-07-08T10:39:58Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23489"
crowdsec  | time="2024-07-08T10:39:58Z" level=info msg="crowdsecurity/vpatch-CVE-2023-4634: OK"
crowdsec  | time="2024-07-08T10:39:58Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-4634"
crowdsec  | time="2024-07-08T10:39:58Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6360: OK"
crowdsec  | time="2024-07-08T10:39:58Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6360"
crowdsec  | time="2024-07-08T10:39:59Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6567: OK"
crowdsec  | time="2024-07-08T10:39:59Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6567"
crowdsec  | time="2024-07-08T10:39:59Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6623: OK"
crowdsec  | time="2024-07-08T10:39:59Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6623"
crowdsec  | time="2024-07-08T10:39:59Z" level=info msg="crowdsecurity/vpatch-CVE-2024-1061: OK"
crowdsec  | time="2024-07-08T10:39:59Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1061"
crowdsec  | time="2024-07-08T10:39:59Z" level=info msg="crowdsecurity/vpatch-CVE-2024-1071: OK"
crowdsec  | time="2024-07-08T10:39:59Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1071"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/appsec-wordpress: OK"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled collections: crowdsecurity/appsec-wordpress"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled crowdsecurity/appsec-wordpress"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/wordpress"
crowdsec  | time="2024-07-08T10:40:00Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/http-bf-wordpress_bf: OK"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled scenarios: crowdsecurity/http-bf-wordpress_bf"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/http-wordpress_wpconfig: OK"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled scenarios: crowdsecurity/http-wordpress_wpconfig"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/http-wordpress_user-enum: OK"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled scenarios: crowdsecurity/http-wordpress_user-enum"
crowdsec  | time="2024-07-08T10:40:00Z" level=warning msg="crowdsecurity/http-wordpress-scan: overwrite"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/wordpress: OK"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled collections: crowdsecurity/wordpress"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled crowdsecurity/wordpress"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | Running: cscli  collections install "crowdsecurity/discord-crawler-whitelist"
crowdsec  | time="2024-07-08T10:40:00Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections."
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/discord-crawler-whitelist: OK"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled postoverflows: crowdsecurity/discord-crawler-whitelist"
crowdsec  | time="2024-07-08T10:40:00Z" level=warning msg="crowdsecurity/rdns: overwrite"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/discord-crawler-whitelist: OK"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled collections: crowdsecurity/discord-crawler-whitelist"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled crowdsecurity/discord-crawler-whitelist"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Enabled feature flags: <none>"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Crowdsec v1.6.1-c6e40191"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Loading prometheus collectors"
crowdsec  | time="2024-07-08T10:40:00Z" level=info msg="Loading CAPI manager"
crowdsec  | time="2024-07-08T10:40:01Z" level=info msg="CAPI manager configured successfully"
crowdsec  | time="2024-07-08T10:40:01Z" level=info msg="Start push to CrowdSec Central API (interval: 14s once, then 10s)"
crowdsec  | time="2024-07-08T10:40:01Z" level=info msg="Start sending metrics to CrowdSec Central API (interval: 25m11s once, then 30m0s)"
crowdsec  | time="2024-07-08T10:40:01Z" level=warning msg="scenario list is empty, will not pull yet"
crowdsec  | time="2024-07-08T10:40:01Z" level=info msg="CrowdSec Local API listening on 0.0.0.0:8080"
crowdsec  | time="2024-07-08T10:40:01Z" level=info msg="capi metrics: sending"
crowdsec  | time="2024-07-08T10:40:01Z" level=info msg="Loading grok library /etc/crowdsec/patterns"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loading enrich plugins"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'GeoIpCity'"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'GeoIpASN'"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'IpToRange'"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'reverse_dns'"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'ParseDate'"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'UnmarshalJSON'"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loading parsers from 10 files"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/caddy-logs.yaml stage=s01-parse
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 11 nodes from 3 stages"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loading postoverflow parsers"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s00-enrich/rdns.yaml stage=s00-enrich
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/cdn-whitelist.yaml stage=s01-whitelist
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/discord-crawler-whitelist.yaml stage=s01-whitelist
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/seo-bots-whitelist.yaml stage=s01-whitelist
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 4 nodes from 2 stages"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loading 51 scenario files"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=wild-night name=crowdsecurity/CVE-2019-18935
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=wispy-voice name=crowdsecurity/http-wordpress-scan
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=proud-dew name=crowdsecurity/netgear_rce
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=red-sound name=crowdsecurity/http-admin-interface-probing
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=snowy-shadow name=crowdsecurity/jira_cve-2021-26086
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=green-morning name=crowdsecurity/http-wordpress_user-enum
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=broken-cloud name=crowdsecurity/vmware-cve-2022-22954
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=delicate-lake name=crowdsecurity/vmware-vcenter-vmsa-2021-0027
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=holy-shape name=crowdsecurity/fortinet-cve-2022-40684
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=sparkling-tree name=crowdsecurity/http-cve-2021-41773
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=hidden-breeze name=crowdsecurity/CVE-2023-22515
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=green-field name=crowdsecurity/CVE-2023-22518
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=floral-river name=crowdsecurity/http-open-proxy
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=patient-glitter name=crowdsecurity/http-path-traversal-probing
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=misty-pine name=crowdsecurity/http-crawl-non_statics
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=wispy-sound name=crowdsecurity/http-dos-invalid-http-versions
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=proud-frog name=crowdsecurity/CVE-2022-26134
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=bitter-bird name=crowdsecurity/CVE-2022-35914
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=spring-pond name=crowdsecurity/CVE-2022-42889
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=polished-dust name=crowdsecurity/f5-big-ip-cve-2020-5902
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=empty-resonance name=crowdsecurity/http-cve-2021-42013
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=polished-darkness name=crowdsecurity/CVE-2022-37042
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=polished-sun name=crowdsecurity/http-dos-bypass-cache
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=lingering-mountain name=crowdsecurity/CVE-2017-9841
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=crimson-frog name=crowdsecurity/ssh-bf
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=solitary-thunder name=crowdsecurity/ssh-bf_user-enum
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=restless-waterfall name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=still-glade name=crowdsecurity/CVE-2023-49103
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=delicate-feather name=crowdsecurity/CVE-2022-44877
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=empty-mountain name=crowdsecurity/http-bf-wordpress_bf
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=old-voice name=ltsich/http-w00tw00t
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=rough-wind name=crowdsecurity/thinkphp-cve-2018-20062
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=lively-breeze name=crowdsecurity/http-dos-random-uri
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=weathered-glitter name=crowdsecurity/apache_log4j2_cve-2021-44228
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=fragrant-paper name=crowdsecurity/http-probing
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=delicate-mountain name=crowdsecurity/fortinet-cve-2018-13379
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=throbbing-dawn name=crowdsecurity/grafana-cve-2021-43798
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=dawn-haze name=crowdsecurity/http-sensitive-files
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=patient-dew name=crowdsecurity/appsec-vpatch
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=damp-sun name=crowdsecurity/http-generic-bf
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=bitter-snowflake name=LePresidente/http-generic-401-bf
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=late-star name=LePresidente/http-generic-403-bf
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=dawn-firefly name=crowdsecurity/http-xss-probbing
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=icy-haze name=crowdsecurity/CVE-2022-41082
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=proud-shadow name=crowdsecurity/CVE-2022-41697
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=patient-firefly name=crowdsecurity/http-dos-swithcing-ua
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=summer-butterfly name=crowdsecurity/CVE-2022-46169-bf
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=silent-pine name=crowdsecurity/CVE-2022-46169-cmd
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=delicate-firefly name=crowdsecurity/http-bad-user-agent
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=purple-pond name=crowdsecurity/http-sqli-probbing-detection
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=broken-snow name=crowdsecurity/http-cve-probing
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=cold-violet name=crowdsecurity/http-wordpress_wpconfig
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=solitary-frog name=crowdsecurity/ssh-slow-bf
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=quiet-dream name=crowdsecurity/ssh-slow-bf_user-enum
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=falling-water name=crowdsecurity/http-backdoors-attempts
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=snowy-rain name=crowdsecurity/spring4shell_cve-2022-22965
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Loaded 56 scenarios"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23488 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-laravel-debug-mode to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22954 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-20198 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1061 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35082 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-40044 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-4634 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/generic-freemarker-ssti to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-11738 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-44877 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-0900 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-1389 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-connectwise-auth-bypass to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-1000861 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-46805 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-7028 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-28121 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-22024 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27198 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-24489 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-34362 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6360 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-env-access to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-17496 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-33617 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1071 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/base-config to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-1003030 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-2009 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35078 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-3519 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-0600 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23752 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/crs to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22527 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6567 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3273 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22965 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-27926 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-50164 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6553 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-3129 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-38205 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-42793 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6623 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-22941 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-35914 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1212 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-23897 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-symfony-profiler to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2017-9841 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-12989 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23489 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-10562 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-46169 to appsec rules"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="loading acquisition file : /etc/crowdsec/acquis.yaml"
crowdsec  | time="2024-07-08T10:40:02Z" level=warning msg="No matching files for pattern /var/log/nginx/*.log" type=file
crowdsec  | time="2024-07-08T10:40:02Z" level=warning msg="No matching files for pattern ./tests/nginx/nginx.log" type=file
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding file /var/log/auth.log to datasources" type=file
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Adding file /var/log/syslog to datasources" type=file
crowdsec  | time="2024-07-08T10:40:02Z" level=warning msg="No matching files for pattern /var/log/apache2/*.log" type=file
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="127.0.0.1 - [Mon, 08 Jul 2024 10:40:02 UTC] \"POST /v1/watchers/login HTTP/1.1 200 70.575933ms \"crowdsec/v1.6.1-c6e40191\" \""
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Starting processing data"
crowdsec  | time="2024-07-08T10:40:02Z" level=info msg="Starting community-blocklist update"
crowdsec  | time="2024-07-08T10:40:03Z" level=info msg="capi/community-blocklist : 0 explicit deletions"
crowdsec  | time="2024-07-08T10:40:03Z" level=info msg="capi/community-blocklist : received 0 new entries (expected if you just installed crowdsec)"
crowdsec  | time="2024-07-08T10:40:03Z" level=info msg="Start pull from CrowdSec Central API (interval: 2h1m9s once, then 2h0m0s)"
crowdsec  | time="2024-07-08T10:40:09Z" level=info msg="127.0.0.1 - [Mon, 08 Jul 2024 10:40:09 UTC] \"POST /v1/watchers/login HTTP/1.1 200 69.826588ms \"crowdsec/v1.6.1-c6e40191\" \""
crowdsec  | time="2024-07-08T10:40:20Z" level=info msg="127.0.0.1 - [Mon, 08 Jul 2024 10:40:20 UTC] \"POST /v1/watchers/login HTTP/1.1 200 60.985393ms \"crowdsec/v1.6.1-c6e40191\" \""
crowdsec  | time="2024-07-08T10:40:30Z" level=info msg="127.0.0.1 - [Mon, 08 Jul 2024 10:40:30 UTC] \"POST /v1/watchers/login HTTP/1.1 200 65.641902ms \"crowdsec/v1.6.1-c6e40191\" \""

@Simbiat
Author

Simbiat commented Jul 8, 2024

Here are my logs

2024-07-08 14:55:49 Populating configuration directory...
2024-07-08 14:55:49 sending incremental file list
2024-07-08 14:55:49 config.yaml
2024-07-08 14:55:49 console.yaml
2024-07-08 14:55:49 dev.yaml
2024-07-08 14:55:49 local_api_credentials.yaml
2024-07-08 14:55:49 profiles.yaml
2024-07-08 14:55:49 simulation.yaml
2024-07-08 14:55:49 user.yaml
2024-07-08 14:55:49 acquis.d/
2024-07-08 14:55:49 appsec-configs/
2024-07-08 14:55:49 appsec-rules/
2024-07-08 14:55:49 collections/
2024-07-08 14:55:49 collections/linux.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/linux.yaml
2024-07-08 14:55:49 collections/sshd.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/sshd.yaml
2024-07-08 14:55:49 console/
2024-07-08 14:55:49 console/context.yaml
2024-07-08 14:55:49 contexts/
2024-07-08 14:55:49 contexts/bf_base.yaml -> /etc/crowdsec/hub/contexts/crowdsecurity/bf_base.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/crowdsec-appsec-outofband.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/dovecot-spam.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/endlessh-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/exchange-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/exim-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/exim-spam.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/f5-big-ip-cve-2020-5902.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/fortinet-cve-2018-13379.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/freeswitch-acl-reject.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/freeswitch-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/freeswitch-user-enumeration.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/grafana-cve-2021-43798.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/home-assistant-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-admin-interface-probing.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-apiscp-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-backdoors-attempts.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-bad-user-agent.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-bf-wordpress_bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-crawl-non_statics.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-cve-2021-41773.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-cve-2021-42013.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-cve-probing.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-dos-bypass-cache.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-dos-invalid-http-versions.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-dos-random-uri.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-dos-switching-ua.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-generic-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-magento-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-magento-ccs-by-as.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-magento-ccs-by-country.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-magento-ccs.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-open-proxy.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-path-traversal-probing.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-probing.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-sensitive-files.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-sqli-probing.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-wordpress-scan.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-wordpress_user-enum.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-wordpress_wpconfig.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-xss-probing.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/impossible-travel-user.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/impossible-travel.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/jira_cve-2021-26086.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-anonymous-access.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-api-server-bruteforce.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-pod-exec.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-pod-host-network.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-pod-host-path-volume.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-privileged-pod-creation.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-service-account-access-denied.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/kasm-bruteforce.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/litespeed-admin-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/mariadb-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/modsecurity.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/mssql-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/mysql-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/netgear_rce.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/nextcloud-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/nginx-req-limit-exceeded.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/odoo-bf_user-enum.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/opnsense-gui-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/palo-alto-threat.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/pfsense-gui-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/pgsql-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/pgsql-user-enum.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/postfix-spam.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/proftpd-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/proftpd-bf_user-enum.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/pulse-secure-sslvpn-cve-2019-11510.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/smb-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/spring4shell_cve-2022-22965.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/ssh-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/ssh-slow-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/suricata-alerts.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/synology-dsm-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/teamspeak3-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/teleport-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/telnet-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/thehive-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/thinkphp-cve-2018-20062.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/vmware-cve-2022-22954.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/vmware-vcenter-vmsa-2021-0027.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/vsftpd-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/windows-CVE-2022-30190-msdt.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/windows-bf.yaml
2024-07-08 14:55:49 hub/scenarios/crowdsecurity/wireguard-auth.yaml
2024-07-08 14:55:49 hub/scenarios/darkclip/
2024-07-08 14:55:49 hub/scenarios/darkclip/charon-ipsec-bf.yaml
2024-07-08 14:55:49 hub/scenarios/darkclip/charon-ipsec-slow-bf.yaml
2024-07-08 14:55:49 hub/scenarios/firewallservices/
2024-07-08 14:55:49 hub/scenarios/firewallservices/lemonldap-ng-bf.yaml
2024-07-08 14:55:49 hub/scenarios/firewallservices/pf-scan-multi_ports.yaml
2024-07-08 14:55:49 hub/scenarios/firewallservices/zimbra-bf.yaml
2024-07-08 14:55:49 hub/scenarios/firix/
2024-07-08 14:55:49 hub/scenarios/firix/authentik-bf.yaml
2024-07-08 14:55:49 hub/scenarios/fulljackz/
2024-07-08 14:55:49 hub/scenarios/fulljackz/proxmox-bf.yaml
2024-07-08 14:55:49 hub/scenarios/fulljackz/pureftpd-bf.yaml
2024-07-08 14:55:49 hub/scenarios/gauth-fr/
2024-07-08 14:55:49 hub/scenarios/gauth-fr/immich-bf.yaml
2024-07-08 14:55:49 hub/scenarios/hitech95/
2024-07-08 14:55:49 hub/scenarios/hitech95/mail-generic-bf.yaml
2024-07-08 14:55:49 hub/scenarios/inherent-io/
2024-07-08 14:55:49 hub/scenarios/inherent-io/keycloak-bf.yaml
2024-07-08 14:55:49 hub/scenarios/inherent-io/keycloak-slow-bf.yaml
2024-07-08 14:55:49 hub/scenarios/jbowdre/
2024-07-08 14:55:49 hub/scenarios/jbowdre/miniflux-bf.yaml
2024-07-08 14:55:49 hub/scenarios/jusabatier/
2024-07-08 14:55:49 hub/scenarios/jusabatier/apereo-cas-bf.yaml
2024-07-08 14:55:49 hub/scenarios/jusabatier/apereo-cas-slow-bf.yaml
2024-07-08 14:55:49 hub/scenarios/jusabatier/cas-slow-bf.yaml
2024-07-08 14:55:49 hub/scenarios/lourys/
2024-07-08 14:55:49 hub/scenarios/lourys/pterodactyl-wings-bf.yaml
2024-07-08 14:55:49 hub/scenarios/ltsich/
2024-07-08 14:55:49 hub/scenarios/ltsich/http-w00tw00t.yaml
2024-07-08 14:55:49 hub/scenarios/mstilkerich/
2024-07-08 14:55:49 hub/scenarios/mstilkerich/bind9-refused.yaml
2024-07-08 14:55:49 hub/scenarios/mwinters-stuff/
2024-07-08 14:55:49 hub/scenarios/mwinters-stuff/mailu-admin-bf.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-bot-protection.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-cross-site-redirect.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-csrf.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-error-disclosure.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-error-limit.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-evasion-techniques.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-general.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-http-limit-violation.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-http-method-violation.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-ldap-injection.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-open-redirect.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-path-traversal.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-probing.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-rce.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-request-rate-limit.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-schema-validation.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-sql-injection.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-url-instead-of-file.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-xss.yaml
2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-xxe.yaml
2024-07-08 14:55:49 hub/scenarios/schiz0phr3ne/
2024-07-08 14:55:49 hub/scenarios/schiz0phr3ne/prowlarr-bf.yaml
2024-07-08 14:55:49 hub/scenarios/schiz0phr3ne/radarr-bf.yaml
2024-07-08 14:55:49 hub/scenarios/schiz0phr3ne/sonarr-bf.yaml
2024-07-08 14:55:49 hub/scenarios/thespad/
2024-07-08 14:55:49 hub/scenarios/thespad/sshesame-honeypot.yaml
2024-07-08 14:55:49 hub/scenarios/timokoessler/
2024-07-08 14:55:49 hub/scenarios/timokoessler/gitlab-bf.yaml
2024-07-08 14:55:49 hub/scenarios/timokoessler/mongodb-bf.yaml
2024-07-08 14:55:49 hub/scenarios/timokoessler/uptime-kuma-bf.yaml
2024-07-08 14:55:49 hub/scenarios/xs539/
2024-07-08 14:55:49 hub/scenarios/xs539/bookstack-bf.yaml
2024-07-08 14:55:49 hub/scenarios/xs539/joplin-server-bf.yaml
2024-07-08 14:55:49 notifications/
2024-07-08 14:55:49 notifications/email.yaml
2024-07-08 14:55:49 notifications/http.yaml
2024-07-08 14:55:49 notifications/sentinel.yaml
2024-07-08 14:55:49 notifications/slack.yaml
2024-07-08 14:55:49 notifications/splunk.yaml
2024-07-08 14:55:49 parsers/
2024-07-08 14:55:49 parsers/s00-raw/
2024-07-08 14:55:49 parsers/s00-raw/syslog-logs.yaml -> /etc/crowdsec/hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml
2024-07-08 14:55:49 parsers/s01-parse/
2024-07-08 14:55:49 parsers/s01-parse/sshd-logs.yaml -> /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
2024-07-08 14:55:49 parsers/s02-enrich/
2024-07-08 14:55:49 parsers/s02-enrich/dateparse-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
2024-07-08 14:55:49 parsers/s02-enrich/geoip-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
2024-07-08 14:55:49 parsers/s02-enrich/whitelists.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml
2024-07-08 14:55:49 patterns/
2024-07-08 14:55:49 patterns/aws
2024-07-08 14:55:49 patterns/bacula
2024-07-08 14:55:49 patterns/bro
2024-07-08 14:55:49 patterns/cowrie_honeypot
2024-07-08 14:55:49 patterns/exim
2024-07-08 14:55:49 patterns/firewalls
2024-07-08 14:55:49 patterns/haproxy
2024-07-08 14:55:49 patterns/java
2024-07-08 14:55:49 patterns/junos
2024-07-08 14:55:49 patterns/linux-syslog
2024-07-08 14:55:49 patterns/mcollective
2024-07-08 14:55:49 patterns/modsecurity
2024-07-08 14:55:49 patterns/mongodb
2024-07-08 14:55:49 patterns/mysql
2024-07-08 14:55:49 patterns/nagios
2024-07-08 14:55:49 patterns/nginx
2024-07-08 14:55:49 patterns/paths
2024-07-08 14:55:49 patterns/postgresql
2024-07-08 14:55:49 patterns/rails
2024-07-08 14:55:49 patterns/redis
2024-07-08 14:55:49 patterns/ruby
2024-07-08 14:55:49 patterns/smb
2024-07-08 14:55:49 patterns/ssh
2024-07-08 14:55:49 patterns/tcpdump
2024-07-08 14:55:49 postoverflows/
2024-07-08 14:55:49 scenarios/
2024-07-08 14:55:49 scenarios/ssh-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-bf.yaml
2024-07-08 14:55:49 scenarios/ssh-slow-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-slow-bf.yaml
2024-07-08 14:55:49 
2024-07-08 14:55:49 sent 1,747,918 bytes  received 11,571 bytes  3,518,978.00 bytes/sec
2024-07-08 14:55:49 total size is 1,703,749  speedup is 0.97
2024-07-08 14:55:49 Generate local agent credentials
2024-07-08 14:55:49 Check if lapi needs to register an additional agent
2024-07-08 14:55:49 sqlite database permissions updated
2024-07-08 14:55:49 Skipping hub update, index file is not in a volume
2024-07-08 14:55:49 /var/lib/crowdsec/data was found in a volume
2024-07-08 14:55:49 Running hub upgrade
2024-07-08 14:55:49 Error: no matches found
2024-07-08 14:55:49 Machine 'localhost' successfully added to the local API.
2024-07-08 14:55:49 API credentials written to '/etc/crowdsec/local_api_credentials.yaml'.
2024-07-08 14:55:50 level=info msg="Upgrading parsers"
2024-07-08 14:55:50 level=info msg="crowdsecurity/whitelists: up-to-date"
2024-07-08 14:55:50 level=info msg="crowdsecurity/syslog-logs: up-to-date"
2024-07-08 14:55:50 level=info msg="crowdsecurity/dateparse-enrich: up-to-date"
2024-07-08 14:55:50 level=info msg="crowdsecurity/geoip-enrich: up-to-date"
2024-07-08 14:55:59 level=info msg="crowdsecurity/sshd-logs: up-to-date"
2024-07-08 14:55:59 level=info msg="Upgraded 0 parsers"
2024-07-08 14:55:59 level=info msg="Upgrading postoverflows"
2024-07-08 14:55:59 level=info msg="Upgraded 0 postoverflows"
2024-07-08 14:55:59 level=info msg="Upgrading scenarios"
2024-07-08 14:55:59 level=info msg="crowdsecurity/ssh-bf: up-to-date"
2024-07-08 14:55:59 level=info msg="crowdsecurity/ssh-slow-bf: up-to-date"
2024-07-08 14:55:59 level=info msg="Upgraded 0 scenarios"
2024-07-08 14:55:59 level=info msg="Upgrading contexts"
2024-07-08 14:55:59 level=info msg="crowdsecurity/bf_base: up-to-date"
2024-07-08 14:55:59 level=info msg="Upgraded 0 contexts"
2024-07-08 14:55:59 level=info msg="Upgrading appsec-configs"
2024-07-08 14:55:59 level=info msg="Upgraded 0 appsec-configs"
2024-07-08 14:55:59 level=info msg="Upgrading appsec-rules"
2024-07-08 14:55:59 level=info msg="Upgraded 0 appsec-rules"
2024-07-08 14:55:59 level=info msg="Upgrading collections"
2024-07-08 14:55:59 level=info msg="crowdsecurity/linux: up-to-date"
2024-07-08 14:55:59 level=info msg="crowdsecurity/sshd: up-to-date"
2024-07-08 14:55:59 level=info msg="Upgraded 0 collections"
2024-07-08 14:55:59 Running: cscli  parsers install "crowdsecurity/docker-logs" 
2024-07-08 14:55:59 level=info msg="Enabled parsers: crowdsecurity/docker-logs"
2024-07-08 14:55:59 level=info msg="Enabled crowdsecurity/docker-logs"
2024-07-08 14:55:59 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:55:59 installed crowdsecurity/docker-logs
2024-07-08 14:55:59 Running: cscli  parsers install "crowdsecurity/cri-logs" 
2024-07-08 14:55:59 level=info msg="Enabled parsers: crowdsecurity/cri-logs"
2024-07-08 14:55:59 level=info msg="Enabled crowdsecurity/cri-logs"
2024-07-08 14:55:59 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:55:59 installed crowdsecurity/cri-logs
2024-07-08 14:55:59 Running: cscli  collections install "crowdsecurity/caddy" 
2024-07-08 14:55:59 level=info msg="Enabled parsers: crowdsecurity/caddy-logs"
2024-07-08 14:55:59 level=info msg="Enabled parsers: crowdsecurity/http-logs"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-crawl-non_statics"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-probing"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-bad-user-agent"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-path-traversal-probing"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-sensitive-files"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-sqli-probing"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-xss-probing"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-backdoors-attempts"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: ltsich/http-w00tw00t"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-generic-bf"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-open-proxy"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-admin-interface-probing"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-wordpress-scan"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-cve-probing"
2024-07-08 14:55:59 level=info msg="Enabled contexts: crowdsecurity/http_base"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-cve-2021-41773"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-cve-2021-42013"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/grafana-cve-2021-43798"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/vmware-vcenter-vmsa-2021-0027"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/fortinet-cve-2018-13379"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/pulse-secure-sslvpn-cve-2019-11510"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/f5-big-ip-cve-2020-5902"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/thinkphp-cve-2018-20062"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/apache_log4j2_cve-2021-44228"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/jira_cve-2021-26086"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/spring4shell_cve-2022-22965"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/vmware-cve-2022-22954"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-37042"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-41082"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-35914"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-40684"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-26134"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-42889"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-41697"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-46169"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-44877"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2019-18935"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/netgear_rce"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-22515"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-22518"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-49103"
2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2017-9841"
2024-07-08 14:55:59 level=info msg="Enabled collections: crowdsecurity/http-cve"
2024-07-08 14:55:59 level=info msg="Enabled collections: crowdsecurity/base-http-scenarios"
2024-07-08 14:55:59 installed crowdsecurity/caddy
2024-07-08 14:55:59 level=info msg="Enabled collections: crowdsecurity/caddy"
2024-07-08 14:55:59 level=info msg="Enabled crowdsecurity/caddy"
2024-07-08 14:55:59 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:55:59 Running: cscli  collections install "crowdsecurity/whitelist-good-actors" 
2024-07-08 14:55:59 level=info msg="Enabled postoverflows: crowdsecurity/seo-bots-whitelist"
2024-07-08 14:55:59 level=info msg="Enabled postoverflows: crowdsecurity/cdn-whitelist"
2024-07-08 14:55:59 level=info msg="Enabled postoverflows: crowdsecurity/rdns"
2024-07-08 14:55:59 level=info msg="Enabled collections: crowdsecurity/whitelist-good-actors"
2024-07-08 14:55:59 level=info msg="Enabled crowdsecurity/whitelist-good-actors"
2024-07-08 14:55:59 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:55:59 installed crowdsecurity/whitelist-good-actors
2024-07-08 14:56:00 Running: cscli  collections install "crowdsecurity/http-cve" 
2024-07-08 14:56:00 level=info msg="Downloaded /var/lib/crowdsec/data/thinkphp_cve_2018-20062.txt"
2024-07-08 14:56:00 updated /var/lib/crowdsec/data/thinkphp_cve_2018-20062.txt
2024-07-08 14:56:00 updated /var/lib/crowdsec/data/log4j2_cve_2021_44228.txt
2024-07-08 14:56:00 level=info msg="Downloaded /var/lib/crowdsec/data/log4j2_cve_2021_44228.txt"
2024-07-08 14:56:00 level=info msg="Downloaded /var/lib/crowdsec/data/jira_cve_2021-26086.txt"
2024-07-08 14:56:00 updated /var/lib/crowdsec/data/jira_cve_2021-26086.txt
2024-07-08 14:56:01 level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists."
2024-07-08 14:56:01 level=info msg="Enabled collections: crowdsecurity/http-cve"
2024-07-08 14:56:01 level=info msg="Enabled crowdsecurity/http-cve"
2024-07-08 14:56:01 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:56:01 installed crowdsecurity/http-cve
2024-07-08 14:56:01 Running: cscli  collections install "crowdsecurity/http-dos" 
2024-07-08 14:56:01 level=info msg="Enabled scenarios: crowdsecurity/http-dos-bypass-cache"
2024-07-08 14:56:01 level=info msg="Enabled scenarios: crowdsecurity/http-dos-random-uri"
2024-07-08 14:56:01 level=info msg="Enabled scenarios: crowdsecurity/http-dos-switching-ua"
2024-07-08 14:56:01 level=info msg="Enabled scenarios: crowdsecurity/http-dos-invalid-http-versions"
2024-07-08 14:56:01 level=info msg="Enabled collections: crowdsecurity/http-dos"
2024-07-08 14:56:01 level=info msg="Enabled crowdsecurity/http-dos"
2024-07-08 14:56:01 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:56:01 installed crowdsecurity/http-dos
2024-07-08 14:56:01 Running: cscli  collections install "crowdsecurity/base-http-scenarios" 
2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/bad_user_agents.regex.txt"
2024-07-08 14:56:01 updated /var/lib/crowdsec/data/bad_user_agents.regex.txt
2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/http_path_traversal.txt"
2024-07-08 14:56:01 updated /var/lib/crowdsec/data/http_path_traversal.txt
2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/sensitive_data.txt"
2024-07-08 14:56:01 updated /var/lib/crowdsec/data/sensitive_data.txt
2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/sqli_probe_patterns.txt"
2024-07-08 14:56:01 updated /var/lib/crowdsec/data/sqli_probe_patterns.txt
2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/xss_probe_patterns.txt"
2024-07-08 14:56:01 updated /var/lib/crowdsec/data/xss_probe_patterns.txt
2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/backdoors.txt"
2024-07-08 14:56:01 updated /var/lib/crowdsec/data/backdoors.txt
2024-07-08 14:56:01 updated /var/lib/crowdsec/data/admin_interfaces.txt
2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/admin_interfaces.txt"
2024-07-08 14:56:01 updated /var/lib/crowdsec/data/trendy_cves.txt
2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/trendy_cves.txt"
2024-07-08 14:56:02 installed crowdsecurity/base-http-scenarios
2024-07-08 14:56:02 level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists."
2024-07-08 14:56:02 level=info msg="Enabled collections: crowdsecurity/http-cve"
2024-07-08 14:56:02 level=info msg="/etc/crowdsec/collections/base-http-scenarios.yaml already exists."
2024-07-08 14:56:02 level=info msg="Enabled collections: crowdsecurity/base-http-scenarios"
2024-07-08 14:56:02 level=info msg="Enabled crowdsecurity/base-http-scenarios"
2024-07-08 14:56:02 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:56:02 Running: cscli  collections install "crowdsecurity/appsec-crs" 
2024-07-08 14:56:02 installed crowdsecurity/appsec-crs
2024-07-08 14:56:02 level=info msg="Enabled parsers: crowdsecurity/appsec-logs"
2024-07-08 14:56:02 level=info msg="Enabled appsec-configs: crowdsecurity/crs"
2024-07-08 14:56:02 level=info msg="Enabled appsec-rules: crowdsecurity/crs"
2024-07-08 14:56:02 level=info msg="Enabled collections: crowdsecurity/appsec-crs"
2024-07-08 14:56:02 level=info msg="Enabled crowdsecurity/appsec-crs"
2024-07-08 14:56:02 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:56:02 Running: cscli  collections install "crowdsecurity/appsec-generic-rules" 
2024-07-08 14:56:02 level=info msg="Enabled scenarios: crowdsecurity/appsec-vpatch"
2024-07-08 14:56:02 level=info msg="Enabled contexts: crowdsecurity/appsec_base"
2024-07-08 14:56:02 level=info msg="Enabled appsec-configs: crowdsecurity/generic-rules"
2024-07-08 14:56:02 level=info msg="Enabled appsec-configs: crowdsecurity/appsec-default"
2024-07-08 14:56:02 level=info msg="Enabled appsec-rules: crowdsecurity/base-config"
2024-07-08 14:56:02 level=info msg="Enabled appsec-rules: crowdsecurity/generic-freemarker-ssti"
2024-07-08 14:56:02 level=info msg="Enabled collections: crowdsecurity/appsec-generic-rules"
2024-07-08 14:56:02 level=info msg="Enabled crowdsecurity/appsec-generic-rules"
2024-07-08 14:56:02 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:56:02 installed crowdsecurity/appsec-generic-rules
2024-07-08 14:56:03 Running: cscli  collections install "crowdsecurity/appsec-virtual-patching" 
2024-07-08 14:56:03 level=info msg="Enabled appsec-configs: crowdsecurity/virtual-patching"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-env-access"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-40044"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2017-9841"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-11738"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-27926"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-35914"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-46169"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-20198"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22515"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-33617"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-34362"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-3519"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-42793"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-50164"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-38205"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-24489"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-3129"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-22941"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-12989"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-44877"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-10562"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6553"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-1000861"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-1003030"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22965"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23752"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-49070"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-laravel-debug-mode"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-28121"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-17496"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-1389"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-7028"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-46805"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-23897"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22527"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-35078"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-35082"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22954"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1212"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-symfony-profiler"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-connectwise-auth-bypass"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-22024"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-27198"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-3273"
2024-07-08 14:56:03 level=info msg="Enabled collections: crowdsecurity/appsec-virtual-patching"
2024-07-08 14:56:03 level=info msg="Enabled crowdsecurity/appsec-virtual-patching"
2024-07-08 14:56:03 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:56:03 installed crowdsecurity/appsec-virtual-patching
2024-07-08 14:56:03 Running: cscli  collections install "crowdsecurity/appsec-wordpress" 
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-0600"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-0900"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-2009"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23488"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23489"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-4634"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6360"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6567"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6623"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1061"
2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1071"
2024-07-08 14:56:03 installed crowdsecurity/appsec-wordpress
2024-07-08 14:56:03 level=info msg="Enabled collections: crowdsecurity/appsec-wordpress"
2024-07-08 14:56:03 level=info msg="Enabled crowdsecurity/appsec-wordpress"
2024-07-08 14:56:03 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:56:03 Running: cscli  collections install "crowdsecurity/wordpress" 
2024-07-08 14:56:03 level=info msg="Enabled scenarios: crowdsecurity/http-bf-wordpress_bf"
2024-07-08 14:56:03 level=info msg="Enabled scenarios: crowdsecurity/http-wordpress_wpconfig"
2024-07-08 14:56:03 level=info msg="Enabled scenarios: crowdsecurity/http-wordpress_user-enum"
2024-07-08 14:56:03 level=info msg="Enabled collections: crowdsecurity/wordpress"
2024-07-08 14:56:03 level=info msg="Enabled crowdsecurity/wordpress"
2024-07-08 14:56:03 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:56:03 installed crowdsecurity/wordpress
2024-07-08 14:56:03 Running: cscli  collections install "crowdsecurity/discord-crawler-whitelist" 
2024-07-08 14:56:03 installed crowdsecurity/discord-crawler-whitelist
2024-07-08 14:56:03 level=info msg="Enabled postoverflows: crowdsecurity/discord-crawler-whitelist"
2024-07-08 14:56:03 level=info msg="Enabled collections: crowdsecurity/discord-crawler-whitelist"
2024-07-08 14:56:03 level=info msg="Enabled crowdsecurity/discord-crawler-whitelist"
2024-07-08 14:56:03 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
2024-07-08 14:56:03 Registered bouncer for CADDY
2024-07-08 14:56:03 time="2024-07-08T11:56:03Z" level=info msg="Loading yaml file: '/etc/crowdsec/config.yaml' with additional values from '/etc/crowdsec/config.yaml.local'"

And then from the log file:

time="2024-07-08T11:56:05Z" level=warning msg="Machine is not allowed to synchronize decisions, you can enable it with `cscli console enable console_management`"
time="2024-07-08T11:56:05Z" level=warning msg="scenario list is empty, will not pull yet"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ips.txt: no such file or directory"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ip6s.txt: no such file or directory"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.txt: no such file or directory"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.regex: no such file or directory"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/ip_seo_bots.txt: no such file or directory"
time="2024-07-08T11:56:05Z" level=warning msg="No matching files for pattern /var/log/syslog" type=file
time="2024-07-08T11:56:06Z" level=warning msg="/var/log/auth.log is a directory, ignoring it." type=file

I do not think it's related to OneDrive; it looks like you did not clear the data directory, because you have

crowdsec  | updated rdns_seo_bots.txt
crowdsec  | updated rdns_seo_bots.regex
crowdsec  | updated ip_seo_bots.txt
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="Enabled postoverflows: crowdsecurity/seo-bots-whitelist"
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/cdn-whitelist: OK"
crowdsec  | updated cloudflare_ips.txt
crowdsec  | updated cloudflare_ip6s.txt

in your logs, and I get similar entries only after the 2nd launch of the container. If the data folder is empty at the time of container launch, you will get appropriate warnings.

LaurenceJJones commented Jul 8, 2024

So here is my compose. I don't use a volume; I just specified a test folder which does not exist:

services:
  crowdsec:
    container_name: crowdsec
    image: crowdsecurity/crowdsec:v1.6.2
    restart: unless-stopped
    environment:
      GID: 1000
      COLLECTIONS: crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve crowdsecurity/http-dos crowdsecurity/base-http-scenarios crowdsecurity/appsec-crs crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-wordpress crowdsecurity/wordpress crowdsecurity/discord-crawler-whitelist
    volumes:
       - ./test/:/var/lib/crowdsec/data/:rw
       #Required to read syslog. This will be valid only on UNIX
       - /var/log/:/var/log/:ro
       #Caddy logs folder is RW, because we're also writing Crowdsec logs here
       - ./logs:/usr/local/logs/:rw
    security_opt:
      - no-new-privileges=true
    healthcheck:
       test: [ "CMD", "cscli", "lapi", "status" ]
       start_period: 120s
       interval: 10s
       timeout: 5s
       retries: 3

Disk check to see there is no test folder

root@bookworm:/tmp# ls -la
total 44
drwxrwxrwt 10 root root 4096 Jul  8 12:23 .
drwxr-xr-x 18 root root 4096 May 15 16:13 ..
drwxrwxrwt  2 root root 4096 Jul  8 10:35 .ICE-unix
drwxrwxrwt  2 root root 4096 Jul  8 10:35 .X11-unix
drwxrwxrwt  2 root root 4096 Jul  8 10:35 .XIM-unix
drwxrwxrwt  2 root root 4096 Jul  8 10:35 .font-unix
drwxr-xr-x  3 root root 4096 Jul  8 10:36 config
-rw-r--r--  1 root root    0 Jul  8 10:37 config.yaml.local
-rw-r--r--  1 root root 1046 Jul  8 10:48 docker-compose.yaml
drwxr-xr-x  2 root root 4096 Jul  8 10:36 logs
drwx------  3 root root 4096 Jul  8 10:35 systemd-private-0640d25d1096422496910f954a1f546b-chrony.service-6lZV62
drwx------  3 root root 4096 Jul  8 10:35 systemd-private-0640d25d1096422496910f954a1f546b-systemd-logind.service-DKpJ5I

Same, can't replicate. But what do you mean by "And then from the log file:"? All logs are printed to stdout unless your config.yaml.local has specified to print to a log file?

When the directory is empty you get logs stating it will download them

crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/thinkphp_cve_2018-20062.txt"
crowdsec  | updated /var/lib/crowdsec/data/thinkphp_cve_2018-20062.txt
crowdsec  | updated /var/lib/crowdsec/data/log4j2_cve_2021_44228.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/log4j2_cve_2021_44228.txt"
crowdsec  | updated /var/lib/crowdsec/data/jira_cve_2021-26086.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/jira_cve_2021-26086.txt"
crowdsec  | level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists."
crowdsec  | level=info msg="Enabled collections: crowdsecurity/http-cve"
crowdsec  | level=info msg="Enabled crowdsecurity/http-cve"
crowdsec  | level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | installed crowdsecurity/http-cve
crowdsec  | Running: cscli  collections install "crowdsecurity/http-dos"
crowdsec  | level=info msg="Enabled scenarios: crowdsecurity/http-dos-bypass-cache"
crowdsec  | level=info msg="Enabled scenarios: crowdsecurity/http-dos-random-uri"
crowdsec  | level=info msg="Enabled scenarios: crowdsecurity/http-dos-switching-ua"
crowdsec  | level=info msg="Enabled scenarios: crowdsecurity/http-dos-invalid-http-versions"
crowdsec  | level=info msg="Enabled collections: crowdsecurity/http-dos"
crowdsec  | level=info msg="Enabled crowdsecurity/http-dos"
crowdsec  | level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | installed crowdsecurity/http-dos
crowdsec  | Running: cscli  collections install "crowdsecurity/base-http-scenarios"
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/bad_user_agents.regex.txt"
crowdsec  | updated /var/lib/crowdsec/data/bad_user_agents.regex.txt
crowdsec  | updated /var/lib/crowdsec/data/http_path_traversal.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/http_path_traversal.txt"
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/sensitive_data.txt"
crowdsec  | updated /var/lib/crowdsec/data/sensitive_data.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/sqli_probe_patterns.txt"
crowdsec  | updated /var/lib/crowdsec/data/sqli_probe_patterns.txt
crowdsec  | updated /var/lib/crowdsec/data/xss_probe_patterns.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/xss_probe_patterns.txt"
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/backdoors.txt"
crowdsec  | updated /var/lib/crowdsec/data/backdoors.txt
crowdsec  | updated /var/lib/crowdsec/data/admin_interfaces.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/admin_interfaces.txt"
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/trendy_cves.txt"

The wording "updated" is misleading; it just means the file was modified.

Simbiat commented Jul 8, 2024

My config.yaml.local is pointing to a file, yes. Interesting that your logs do not have a line like

2024-07-08 14:55:49 hub/collections/crowdsecurity/whitelist-good-actors.yaml

when configs are being copied. Some difference in the image? `latest` seems to be the same as 1.6.2, though, from what I see 🤔

@LaurenceJJones

Managed to replicate the error by setting config.yaml.local to log to a file instead

time="2024-07-08T12:46:57Z" level=debug msg="adding expression any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)}) to whitelists" id=cool-wind name=crowdsecurity/cdn-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="adding expression any(File('cloudflare_ip6s.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)}) to whitelists" id=cool-wind name=crowdsecurity/cdn-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:cloudflare_ips.txt) (type:string)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ips.txt: no such file or directory"
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:cloudflare_ip6s.txt) (type:string)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ip6s.txt: no such file or directory"
time="2024-07-08T12:46:57Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/cdn-whitelist.yaml stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="loading parser file '{/etc/crowdsec/postoverflows/s01-whitelist/discord-crawler-whitelist.yaml s01-whitelist}'"
time="2024-07-08T12:46:57Z" level=debug msg="adding expression evt.Enriched.reverse_dns endsWith '.ptr.discord.com.' to whitelists" id=holy-sunset name=crowdsecurity/discord-crawler-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/discord-crawler-whitelist.yaml stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="loading parser file '{/etc/crowdsec/postoverflows/s01-whitelist/seo-bots-whitelist.yaml s01-whitelist}'"
time="2024-07-08T12:46:57Z" level=debug msg="adding expression any(File('rdns_seo_bots.txt'), { len(#) > 0 && evt.Enriched.reverse_dns endsWith #}) to whitelists" id=misty-snowflake name=crowdsecurity/seo-bots-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="adding expression RegexpInFile(evt.Enriched.reverse_dns, 'rdns_seo_bots.regex') to whitelists" id=misty-snowflake name=crowdsecurity/seo-bots-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="adding expression any(File('ip_seo_bots.txt'), { len(#) > 0 && IpInRange(evt.Overflow.Alert.Source.IP ,#)}) to whitelists" id=misty-snowflake name=crowdsecurity/seo-bots-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:rdns_seo_bots.txt) (type:string)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.txt: no such file or directory"
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:rdns_seo_bots.regex) (type:regexp)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.regex: no such file or directory"
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:ip_seo_bots.txt) (type:string)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/ip_seo_bots.txt: no such file or directory"
time="2024-07-08T12:46:57Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/seo-bots-whitelist.yaml stage=s01-whitelist

Let me dig further.

Simbiat commented Jul 8, 2024

If it will help, my configs are in https://github.com/Simbiat/simbiat.ru/tree/master/config/crowdsec

@LaurenceJJones

Right, we managed to find the cause and it is indeed a bug ✨ Thank you for reporting it. TL;DR: when we decided to ship all the hub files using rsync there was an oversight. When the file exists in the /etc/crowdsec/hub directory, it already believes it has been remotely downloaded (which is not the case for docker, since they are installed at build time). This then causes cscli to not bother downloading the file because it already thinks they exist when they don't. The reason that the second time the container is brought back it knows to download them is that cscli hub upgrade is run as the first item, and this then triggers all files to be downloaded.
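The startup errors quoted earlier in this thread ("open /var/lib/crowdsec/data/...: no such file or directory") and the root cause above both point at the same operational gap: the container reports itself as started while the data files its whitelists depend on are absent. Here is an added example (not CrowdSec's own code or part of docker_start.sh) of a small POSIX shell check an operator can run after the first `up -d`: it extracts the missing paths from crowdsec's log output and then counts how many are still absent in a given data directory, so the result can feed a healthcheck or a restart decision instead of relying on someone reading the container log. The log lines embedded in it are constructed to match the shape shown in this issue; the data directory path is a parameter, not an assumption about your mount.

```shell
#!/bin/sh
# Added example, not part of the CrowdSec project.
# Constructed sample of crowdsec startup log lines, shaped like the ones
# posted in this issue (one warning, two missing data files, one info line).
SAMPLE_LOG='time="2024-07-08T11:56:05Z" level=warning msg="scenario list is empty, will not pull yet"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ips.txt: no such file or directory"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.regex: no such file or directory"
time="2024-07-08T11:56:05Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/cdn-whitelist.yaml stage=s01-whitelist'

# Read crowdsec log text on stdin and print one missing absolute path per line.
# Only "level=error ... no such file or directory" lines are considered; the
# path is everything between 'open ' and the first colon after it.
missing_from_log() {
  sed -n 's/.*level=error msg="open \([^:]*\): no such file or directory".*/\1/p'
}

# Read paths on stdin (as produced by missing_from_log) and print how many are
# still absent under DATA_DIR. The log records the in-container path
# (/var/lib/crowdsec/data/<name>), so the check is done on the basename under
# whatever directory is passed, e.g. a host-side bind mount such as ./test/.
count_still_missing() {
  data_dir=$1
  n=0
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    if [ ! -e "$data_dir/$(basename "$p")" ]; then
      n=$((n + 1))
    fi
  done
  echo "$n"
}

# Stand-alone usage: check a live container's log against the host data dir.
# Exits non-zero when any referenced data file is still missing, which makes
# the script usable as a post-start gate in automation.
if [ "${1:-}" = "--check" ]; then
  data_dir=${2:-/var/lib/crowdsec/data}
  docker logs crowdsec 2>&1 | missing_from_log > /tmp/crowdsec-missing.txt
  still=$(count_still_missing "$data_dir" < /tmp/crowdsec-missing.txt)
  echo "data files still missing in $data_dir: $still"
  [ "$still" -eq 0 ]
fi
```

Run it as `sh check.sh --check ./test/` next to the compose file to get a non-zero exit when the first-launch state described in this issue is present; without arguments the functions are only defined, so the file can also be sourced.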

Simbiat commented Jul 8, 2024

That's somewhat similar to what I was wondering in relation to

if [ ! -e "/etc/crowdsec/local_api_credentials.yaml" ] && [ ! -e "/etc/crowdsec/config.yaml" ]; then

then. Documentation kind of suggests that using a .local file is the way to go, instead of a regular config.yaml. But since I do not have a config.yaml, the entrypoint copies all yaml files from staging, including the default config.yaml and default acquis.yaml.
While the former may not be a big deal, the latter one can be; it has multiple acquisitions in 1 config (which is supposed to be deprecated), and they may not even be needed. Since I have my acquisitions in the acquis.d folder, I have to have an empty acquis.yaml file, so that it does not get overwritten.
While this is a separate issue (I can create a ticket for that, if required), it may be coming from the same assumptions about how things will be set up in a container. While I have at least 2 ideas how to handle acquis.yaml, I do not know what other potential issues may be hidden here.

@mmetc mmetc self-assigned this Jul 9, 2024