Troubleshooting
We have extended our troubleshooting documentation to cover more common issues and questions.
If you have any suggestions for this, please open an issue here.
Also, check out our 🩺 Stack Health-Check page to make sure your Detection, Community Sharing and Remediation are working properly.
Console Health Check Issues
If you received a health check alert from the CrowdSec Console, check out the Console Health Check Issues page for a complete list of issues, their trigger conditions, and dedicated troubleshooting guides.
Troubleshooting by Topic
Community support
Please try to resolve your issue by reading the documentation. If you're unable to find a solution, don't hesitate to seek assistance in:
FAQ
How to report a bug
To report a bug, please open an issue on the affected component's repository:
What license is provided?
The Security Engine and Remediation Components are provided under the MIT license.
How fast is it?
The Security Engine can easily handle several thousands of events per second on a rich pipeline (multiple parsers, geoip enrichment, scenarios and so on). Logs are a good fit for sharding by default, so it is definitely the way to go if you need to handle higher throughput.
If you need help with a large-scale deployment, please get in touch with us on the Form; we love challenges ;)
Why are some scenarios/parsers "tainted" or "custom"?
When using cscli to list your parsers, scenarios and collections, some might appear as "tainted" or "local".
"tainted" items:
- Originate from the hub
- Were locally modified
- Will not be automatically updated/upgraded by cscli operations (unless --force or similar is specified)
- Won't be sent to Central API and won't appear in the Console (unless cscli console enable tainted has been specified)
"local" items:
- Have been locally created by the user
- Are not managed by cscli operations
- Won't be sent to Central API and won't appear in the Console (unless cscli console enable custom has been specified)
Which information is sent to your services?
See CAPI documentation.
Stack Health issues list
| Issue | Criticality | Summary | Resolution |
|---|---|---|---|
| Integration for Firewall Offline | 🔥 Critical | Firewall has not pulled from BLaaS endpoint for 24+ hours | Troubleshooting |
| Integration for RC Offline | 🔥 Critical | Remediation Component has not pulled from endpoint for 24+ hours | Troubleshooting |
| Log Processor No Alerts | ⚠️ High | Log Processor has not generated alerts in 48 hours | Troubleshooting |
| Log Processor No Logs Parsed | 🔥 Critical | Logs read but none parsed in the last 48 hours | Troubleshooting |
| Log Processor No Logs Read | 🔥 Critical | No logs acquired in the last 24 hours | Troubleshooting |
| Log Processor Offline | 🔥 Critical | Log Processor has not checked in with LAPI for 24+ hours | Troubleshooting |
| Security Engine No Alerts | ⚠️ High | No alerts generated in the last 48 hours | Troubleshooting |
| Security Engine Offline | 🔥 Critical | Security Engine has not reported to Console for 24+ hours | Troubleshooting |
| Security Engine Too Many Alerts | ⚠️ High | More than 250,000 alerts in 6 hours | Troubleshooting |