Skip to main content
Version: v1.0

Troubleshooting Guide

How to list banned IPs#

cscli decisions list

How to unban an IP#

cscli decisions delete -i x.x.x.x

I want to prevent Crowdsec from banning a given IP#

Inspired from the existing default whitelist for private IP addresses, you can craft your own (and drop it in /etc/crowdsec/parsers/s01-parse/mywhitelist.yaml) :

name: crowdsecurity/mywhitelistsdescription: "Whitelist events from private ipv4 addresses"whitelist:  reason: "private ipv4/ipv6 ip/ranges"  ip:     - ""    - "::1"  cidr:    - ""    - ""    - ""

Scenario XXX keeps triggering, it's a false positive#

To avoid a specific scenario that is bothering you, you have several options :

  • set it in simulation mode : you will see the alerts, but no decisions will be applied
  • purely remove the scenario : it will be completely disabled

My bouncer doesn't start/work (common causes)#

  1. Bouncer cannot connect to the local API
  • error message might look like:
level=error msg="auth-api: auth with api key failed return nil response, error: dial tcp connect: connection refused"
  • solution verify that the local API runs on the configured IP
  1. Bouncer cannot authenticate to the local API
  • error message might look like:
time="19-04-2022 15:43:07" level=error msg="API error: access forbidden"