Defaulted container "crowdsec-agent" out of: crowdsec-agent, wait-for-lapi-and-register (init) Populating configuration directory... sending incremental file list config.yaml console.yaml dev.yaml local_api_credentials.yaml online_api_credentials.yaml profiles.yaml simulation.yaml user.yaml acquis.d/ appsec-configs/ appsec-rules/ collections/ collections/linux.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/linux.yaml collections/sshd.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/sshd.yaml console/ console/context.yaml contexts/ contexts/bf_base.yaml -> /etc/crowdsec/hub/contexts/crowdsecurity/bf_base.yaml hub/ hub/.index.json hub/collections/ hub/collections/crowdsecurity/ hub/collections/crowdsecurity/linux.yaml hub/collections/crowdsecurity/sshd.yaml hub/contexts/ hub/contexts/crowdsecurity/ hub/contexts/crowdsecurity/bf_base.yaml hub/parsers/ hub/parsers/s00-raw/ hub/parsers/s00-raw/crowdsecurity/ hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml hub/parsers/s01-parse/ hub/parsers/s01-parse/crowdsecurity/ hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml hub/parsers/s02-enrich/ hub/parsers/s02-enrich/crowdsecurity/ hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml hub/scenarios/ hub/scenarios/crowdsecurity/ hub/scenarios/crowdsecurity/ssh-bf.yaml hub/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml hub/scenarios/crowdsecurity/ssh-slow-bf.yaml notifications/ notifications/email.yaml notifications/http.yaml notifications/sentinel.yaml notifications/slack.yaml notifications/splunk.yaml parsers/ parsers/s00-raw/ parsers/s00-raw/syslog-logs.yaml -> /etc/crowdsec/hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml parsers/s01-parse/ parsers/s01-parse/sshd-logs.yaml -> /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml parsers/s02-enrich/ parsers/s02-enrich/dateparse-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml parsers/s02-enrich/geoip-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml parsers/s02-enrich/whitelists.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml patterns/ patterns/aws patterns/bacula patterns/bro patterns/cowrie_honeypot patterns/exim patterns/firewalls patterns/haproxy patterns/java patterns/junos patterns/linux-syslog patterns/mcollective patterns/modsecurity patterns/mongodb patterns/mysql patterns/nagios patterns/nginx patterns/paths patterns/postgresql patterns/rails patterns/redis patterns/ruby patterns/smb patterns/ssh patterns/tcpdump postoverflows/ scenarios/ scenarios/ssh-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-bf.yaml scenarios/ssh-cve-2024-6387.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml scenarios/ssh-slow-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-slow-bf.yaml sent 2,121,314 bytes received 1,127 bytes 4,244,882.00 bytes/sec total size is 2,116,685 speedup is 1.00 Skipping hub update, index file is not in a volume Skipping hub upgrade, data directory is not in a volume Running: cscli parsers install "crowdsecurity/docker-logs" Action plan: 📥 download parsers: crowdsecurity/docker-logs (0.1) ✅ enable parsers: crowdsecurity/docker-logs downloading parsers:crowdsecurity/docker-logs enabling parsers:crowdsecurity/docker-logs level=warning msg="A new CrowdSec release is available (v1.6.9). Your version is 'v1.6.8'. Please update it to use new parsers/scenarios/collections." Running: cscli parsers install "crowdsecurity/cri-logs" Action plan: 📥 download parsers: crowdsecurity/cri-logs (0.1) ✅ enable parsers: crowdsecurity/cri-logs downloading parsers:crowdsecurity/cri-logs level=warning msg="A new CrowdSec release is available (v1.6.9). Your version is 'v1.6.8'. Please update it to use new parsers/scenarios/collections." enabling parsers:crowdsecurity/cri-logs Running: cscli parsers install "crowdsecurity/docker-logs" Nothing to do. level=warning msg="A new CrowdSec release is available (v1.6.9). Your version is 'v1.6.8'. Please update it to use new parsers/scenarios/collections." Running: cscli scenarios install "crowdsecurity/pgsql-bf" level=warning msg="A new CrowdSec release is available (v1.6.9). Your version is 'v1.6.8'. Please update it to use new parsers/scenarios/collections." Action plan: 📥 download scenarios: crowdsecurity/pgsql-bf (0.2) ✅ enable scenarios: crowdsecurity/pgsql-bf downloading scenarios:crowdsecurity/pgsql-bf enabling scenarios:crowdsecurity/pgsql-bf time="2025-06-18T07:25:33Z" level=warning msg="crowdsec local API is disabled because 'enable' is set to false" time="2025-06-18T07:25:33Z" level=info msg="Enabled feature flags: none" time="2025-06-18T07:25:33Z" level=info msg="Crowdsec v1.6.8-f209766e" time="2025-06-18T07:25:33Z" level=info msg="Loading prometheus collectors" time="2025-06-18T07:25:33Z" level=warning msg="Exprhelpers loaded without database client." time="2025-06-18T07:25:33Z" level=info msg="Loading grok library /etc/crowdsec/patterns" time="2025-06-18T07:25:35Z" level=info msg="Loading enrich plugins" time="2025-06-18T07:25:35Z" level=info msg="Successfully registered enricher 'GeoIpCity'" time="2025-06-18T07:25:35Z" level=info msg="Successfully registered enricher 'GeoIpASN'" time="2025-06-18T07:25:35Z" level=info msg="Successfully registered enricher 'IpToRange'" time="2025-06-18T07:25:35Z" level=info msg="Successfully registered enricher 'reverse_dns'" time="2025-06-18T07:25:35Z" level=info msg="Successfully registered enricher 'ParseDate'" time="2025-06-18T07:25:35Z" level=info msg="Successfully registered enricher 'UnmarshalJSON'" time="2025-06-18T07:25:35Z" level=info msg="Loading parsers from 10 files" time="2025-06-18T07:25:35Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw time="2025-06-18T07:25:35Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw time="2025-06-18T07:25:35Z" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw time="2025-06-18T07:25:35Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/api-auchan-fr-logs.yaml stage=s01-parse time="2025-06-18T07:25:35Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/compte-auchan-fr-logs.yaml stage=s01-parse time="2025-06-18T07:25:35Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/keycloakx-logs.yaml stage=s01-parse time="2025-06-18T07:25:35Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse time="2025-06-18T07:25:35Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich time="2025-06-18T07:25:35Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich time="2025-06-18T07:25:35Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich time="2025-06-18T07:25:35Z" level=info msg="Loaded 11 nodes from 3 stages" time="2025-06-18T07:25:35Z" level=info msg="No postoverflow parsers to load" time="2025-06-18T07:25:35Z" level=info msg="Loading 7 scenario files" time="2025-06-18T07:25:35Z" level=info msg="Adding leaky bucket" cfg=red-bird name=crowdsecurity/pgsql-bf time="2025-06-18T07:25:35Z" level=info msg="Adding leaky bucket" cfg=wispy-frog name=api_auchan_fr/crawl_ean_search time="2025-06-18T07:25:35Z" level=info msg="Adding leaky bucket" cfg=wild-moon name=compte_auchan_fr/bruteforce time="2025-06-18T07:25:35Z" level=info msg="Adding leaky bucket" cfg=withered-rain name=crowdsecurity/ssh-slow-bf time="2025-06-18T07:25:35Z" level=info msg="Adding leaky bucket" cfg=still-darkness name=crowdsecurity/ssh-slow-bf_user-enum time="2025-06-18T07:25:35Z" level=info msg="Adding leaky bucket" cfg=rough-water name=crowdsecurity/ssh-bf time="2025-06-18T07:25:35Z" level=info msg="Adding leaky bucket" cfg=aged-silence name=crowdsecurity/ssh-bf_user-enum time="2025-06-18T07:25:35Z" level=info msg="Adding leaky bucket" cfg=purple-mountain name=crowdsecurity/ssh-cve-2024-6387 time="2025-06-18T07:25:35Z" level=info msg="Adding leaky bucket" cfg=quiet-glade name=api_auchan_fr/too_many_account_creations time="2025-06-18T07:25:35Z" level=info msg="Loaded 9 scenarios" time="2025-06-18T07:25:35Z" level=info msg="attempt 1 out of 2" time="2025-06-18T07:25:35Z" level=info msg="attempt 2 out of 2" time="2025-06-18T07:25:35Z" level=info msg="max attempts reached for status code 401" time="2025-06-18T07:25:35Z" level=fatal msg="crowdsec init: while initializing LAPIClient: authenticate watcher (crowdsec-agent-5w84h): API error: ent: machine not found"