/var/lib/crowdsec/data was found in a volume
Local agent already registered
Check if lapi needs to register an additional agent
level=warning msg="Instance already enrolled. You can use '--overwrite' to force enroll"
sqlite database permissions updated
/etc/crowdsec was found in a volume
Running hub update
Nothing to do, the hub index is up to date.
crowdsecurity/appsec-virtual-patching is tainted by appsec-rules:crowdsecurity/vpatch-CVE-2025-9316
crowdsecurity/appsec-virtual-patching is tainted by appsec-rules:crowdsecurity/vpatch-CVE-2025-11700
crowdsecurity/appsec-virtual-patching is tainted by appsec-rules:crowdsecurity/vpatch-CVE-2025-13315
/var/lib/crowdsec/data was found in a volume
Running hub upgrade
Action plan:
🔄 check & update data files

level=warning msg="appsec-rules:crowdsecurity/vpatch-CVE-2025-11700 is tainted, use '--force' to overwrite"
level=warning msg="appsec-rules:crowdsecurity/vpatch-CVE-2025-13315 is tainted, use '--force' to overwrite"
level=warning msg="appsec-rules:crowdsecurity/vpatch-CVE-2025-9316 is tainted, use '--force' to overwrite"
level=warning msg="collections:crowdsecurity/appsec-virtual-patching is tainted, use '--force' to overwrite"
Running: cscli  parsers install "crowdsecurity/docker-logs"
Nothing to install or remove.
Running: cscli  parsers install "crowdsecurity/cri-logs"
Nothing to install or remove.
Running: cscli  collections install "crowdsecurity/traefik"
Nothing to install or remove.
Object collections/crowdsecurity/appsec-virtual-patching is tainted, skipping
Running: cscli  collections install "crowdsecurity/appsec-generic-rules"
Nothing to install or remove.
Running: cscli  collections install "crowdsecurity/linux"
Nothing to install or remove.
Running: cscli  parsers install "crowdsecurity/whitelists"
Nothing to install or remove.
time="2025-12-26T15:43:13Z" level=info msg="Enabled feature flags: none"
time="2025-12-26T15:43:13Z" level=info msg="Crowdsec v1.7.4-db3efdbf"
time="2025-12-26T15:43:13Z" level=info msg="Loading CAPI manager"
time="2025-12-26T15:43:14Z" level=info msg="CAPI manager configured successfully"
time="2025-12-26T15:43:14Z" level=info msg="Machine is enrolled in the console, Loading PAPI Client"
time="2025-12-26T15:43:14Z" level=info msg="Loading grok library /etc/crowdsec/patterns"
time="2025-12-26T15:43:15Z" level=info msg="Loading enrich plugins"
time="2025-12-26T15:43:15Z" level=info msg="Successfully registered enricher 'GeoIpCity'"
time="2025-12-26T15:43:15Z" level=info msg="Successfully registered enricher 'GeoIpASN'"
time="2025-12-26T15:43:15Z" level=info msg="Successfully registered enricher 'IpToRange'"
time="2025-12-26T15:43:15Z" level=info msg="Successfully registered enricher 'reverse_dns'"
time="2025-12-26T15:43:15Z" level=info msg="Successfully registered enricher 'ParseDate'"
time="2025-12-26T15:43:15Z" level=info msg="Successfully registered enricher 'UnmarshalJSON'"
time="2025-12-26T15:43:15Z" level=info msg="Loading parsers from 11 files"
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw
time="2025-12-26T15:43:15Z" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/traefik-logs.yaml stage=s01-parse
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/public-dns-allowlist.yaml stage=s02-enrich
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich
time="2025-12-26T15:43:15Z" level=info msg="Loaded 12 nodes from 3 stages"
time="2025-12-26T15:43:15Z" level=info msg="Loading postoverflow parsers"
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s00-enrich/rdns.yaml stage=s00-enrich
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/cdn-whitelist.yaml stage=s01-whitelist
time="2025-12-26T15:43:15Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/seo-bots-whitelist.yaml stage=s01-whitelist
time="2025-12-26T15:43:15Z" level=info msg="Loaded 3 nodes from 2 stages"
time="2025-12-26T15:43:15Z" level=info msg="Loading 54 scenario files"
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=ancient-morning name=crowdsecurity/ssh-slow-bf
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=billowing-river name=crowdsecurity/ssh-slow-bf_user-enum
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=blue-snow name=crowdsecurity/http-cve-2021-41773
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=cool-frog name=ltsich/http-w00tw00t
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=lingering-sun name=crowdsecurity/CVE-2023-22518
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=hidden-paper name=crowdsecurity/CVE-2022-42889
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=patient-shape name=crowdsecurity/http-crawl-non_statics
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=young-silence name=crowdsecurity/ssh-refused-conn
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=patient-voice name=crowdsecurity/http-path-traversal-probing
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=cold-rain name=crowdsecurity/ssh-cve-2024-6387
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=damp-sea name=crowdsecurity/appsec-generic-test
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=proud-wind name=crowdsecurity/CVE-2022-41697
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=crimson-feather name=crowdsecurity/fortinet-cve-2022-40684
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=holy-star name=crowdsecurity/fortinet-cve-2018-13379
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=sparkling-darkness name=crowdsecurity/ssh-bf
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=white-grass name=crowdsecurity/ssh-bf_user-enum
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=snowy-dream name=crowdsecurity/spring4shell_cve-2022-22965
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=dry-breeze name=crowdsecurity/f5-big-ip-cve-2020-5902
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=bold-forest name=crowdsecurity/CVE-2022-41082
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=twilight-fire name=crowdsecurity/CVE-2022-46169-bf
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=sparkling-dawn name=crowdsecurity/CVE-2022-46169-cmd
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=twilight-fog name=crowdsecurity/CVE-2022-35914
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=cold-mountain name=crowdsecurity/CVE-2024-38475
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=bitter-haze name=crowdsecurity/vmware-cve-2022-22954
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=wandering-violet name=crowdsecurity/http-generic-bf
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=white-grass name=LePresidente/http-generic-401-bf
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=late-thunder name=LePresidente/http-generic-403-bf
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=ancient-grass name=crowdsecurity/CVE-2022-37042
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=frosty-wildflower name=crowdsecurity/jira_cve-2021-26086
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=sparkling-glade name=crowdsecurity/grafana-cve-2021-43798
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=cool-silence name=crowdsecurity/http-admin-interface-probing
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=hidden-thunder name=crowdsecurity/http-sqli-probbing-detection
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=silent-sound name=crowdsecurity/CVE-2023-22515
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=still-dream name=crowdsecurity/http-cve-probing
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=still-snowflake name=crowdsecurity/http-backdoors-attempts
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=nameless-water name=crowdsecurity/vmware-vcenter-vmsa-2021-0027
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=winter-violet name=crowdsecurity/thinkphp-cve-2018-20062
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=wild-rain name=crowdsecurity/CVE-2023-49103
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=twilight-wood name=crowdsecurity/http-sap-interface-probing
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=cool-moon name=crowdsecurity/http-xss-probbing
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=damp-violet name=crowdsecurity/http-probing
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=spring-fog name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=misty-violet name=crowdsecurity/CVE-2024-0012
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=icy-rain name=crowdsecurity/appsec-vpatch
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=holy-pond name=crowdsecurity/http-generic-test
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=dry-leaf name=crowdsecurity/http-cve-2021-42013
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=shy-fog name=crowdsecurity/CVE-2022-26134
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=red-tree name=crowdsecurity/http-wordpress-scan
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=falling-wave name=crowdsecurity/http-sensitive-files
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=late-star name=crowdsecurity/http-open-proxy
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=patient-night name=crowdsecurity/http-bad-user-agent
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=dawn-moon name=crowdsecurity/CVE-2017-9841
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=silent-bush name=crowdsecurity/apache_log4j2_cve-2021-44228
time="2025-12-26T15:43:15Z" level=info msg="Adding leaky bucket" cfg=patient-snow name=crowdsecurity/appsec-native
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=misty-snowflake name=crowdsecurity/netgear_rce
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=twilight-glade name=crowdsecurity/CVE-2024-9474
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=weathered-grass name=crowdsecurity/ssh-generic-test
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=divine-haze name=crowdsecurity/CVE-2022-44877
time="2025-12-26T15:43:15Z" level=info msg="Adding trigger bucket" cfg=twilight-snowflake name=crowdsecurity/CVE-2019-18935
time="2025-12-26T15:43:15Z" level=info msg="Loaded 59 scenarios"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-34102 to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-25257 to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-47812 to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-20062 to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3273 to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-41713 to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-27223 to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-36604 to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/experimental-no-user-agent to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/base-config to appsec rules"
time="2025-12-26T15:43:15Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules"
time="2025-12-26T15:43:15Z" level=fatal msg="crowdsec init: while loading appsec rules: appsec rule name is empty for /etc/crowdsec/appsec-rules/vpatch-CVE-2025-9316.yaml"