NPMplus with Crowdsec on Unraid not working #1717

MikeNatC · 2025-04-11T19:17:18Z

MikeNatC
Apr 11, 2025

When I try to visit my various IP addresses and domains, I get either a 'Forbidden Access' or 'Internal: 500 Error"

My docker template for NPMplus is:

version: "3.9"
services:
  npmplus:
    image: zoeyvid/npmplus
    container_name: npmplus
    restart: unless-stopped
    ports:
      - "8125:81"
      - "80:80"
      - "443:443/tcp"
      - "443:443/udp"
    volumes:
      - /mnt/cache/appdata/npmplus/data/:/data
      - /mnt/cache/appdata/npmplus/letsencrypt/:/etc/letsencrypt
    environment:
      PUID: "100"
      PGID: "100"
      TZ: "Asia/Singapore"
      GOA: "false"
    networks:
      br0:
        ipv4_address: 10.10.4.203

networks:
  br0:
    driver: bridge
    ipam:
      config:
        - subnet: 10.10.4.0/24 # Adjust subnet to match your br0 network

My config for Crowdsec is:

version: "3.9"
services:
  crowdsec:
    image: crowdsecurity/crowdsec
    container_name: crowdsec
    restart: unless-stopped
    ports:
      - "8081:8081"
      - "6060:6060"
    volumes:
      - /mnt/cache/appdata/crowdsec/data/:/var/lib/crowdsec/data
      - /mnt/cache/appdata/crowdsec/:/etc/crowdsec
      - /mnt/cache/dmz/crowdsec/auth/:/var/log/auth.log
      - /mnt/cache/dmz/crowdsec/:/var/log/crowdsec
      - /var/log/syslog:/syslog:ro
      - /mnt/cache/npmplus/nginx:/mnt/cache/npmplus/nginx:ro
    environment:
      COLLECTIONS: ZoeyVid/npmplus
      TZ: Asia/Singapore
      PUID: "99"
      PGID: "100"
      CA_TS_FALLBACK_DIR: /var/lib/crowdsec/data
    networks:
      br0:
        ipv4_address: 10.10.4.205

networks:
  br0:
    driver: bridge
    ipam:
      config:
        - subnet: 10.10.4.0/24 # Adjust subnet to match your br0 network

My npmplus.yaml file is

filenames:
  - /mnt/cache/appdata/npmplus/nginx/*.log
labels:
  type: npmplus
---
filenames:
  - /mnt/cache/appdata/npmplus/data/nginx/*.log  #/mnt/cache/appdata/npmplus/nginx/*.log
labels:
  type: modsecurity
---
listen_addr: 0.0.0.0:6060
appsec_config: crowdsecurity/appsec-default
name: appsec
source: appsec
labels:
  type: appsec

Lastly, my crowdsec.conf file is:

ENABLED=true
API_URL=http://10.10.4.205:8081 #127.0.0.1:8080
API_KEY=[****]
CACHE_EXPIRATION=1
# bounce for all type of remediation that the bouncer can receive from the local API
BOUNCING_ON_TYPE=all
FALLBACK_REMEDIATION=ban
REQUEST_TIMEOUT=2500
UPDATE_FREQUENCY=10
# By default internal requests are ignored, such as any path affected by rewrite rule.
# set ENABLE_INTERNAL=true to allow checking on these internal requests.
ENABLE_INTERNAL=false
# live or stream
MODE=live
# exclude the bouncing on those location
EXCLUDE_LOCATION=
#those apply for "ban" action
# /!\ REDIRECT_LOCATION and RET_CODE can't be used together. REDIRECT_LOCATION take priority over RET_CODE
BAN_TEMPLATE_PATH=/data/crowdsec/ban.html
REDIRECT_LOCATION=
RET_CODE=
#those apply for "captcha" action
#valid providers are recaptcha, hcaptcha, turnstile
CAPTCHA_PROVIDER=
# Captcha Secret Key
SECRET_KEY=
# Captcha Site key
SITE_KEY=
CAPTCHA_TEMPLATE_PATH=/data/crowdsec/captcha.html
CAPTCHA_EXPIRATION=3600

APPSEC_URL=http://10.10.4.205:6060
APPSEC_FAILURE_ACTION=deny
APPSEC_CONNECT_TIMEOUT=1000
APPSEC_SEND_TIMEOUT=30000
APPSEC_PROCESS_TIMEOUT=10000
ALWAYS_SEND_TO_APPSEC=false
SSL_VERIFY=true

When I run this, it blocks my NPMplus IP address and also my proxy host domain, giving an Internal: 500 error and a Forbidden Access message. Here is the log for NPMplus:


LINEAGE RESULT  REASON
reading config file /etc/logrotate
acquired lock on state file /data/logrotate.stateReading state from file: /data/logrotate.state
Allocating hash table for state file, size 64 entries
Creating new state
Creating new state
Creating new state

Handling 1 logs

rotating pattern: /data/nginx/*.log  after 1 days (3 rotations)
empty log files are not rotated, old logs are removed
considering log /data/nginx/access.log
  Now: 2025-04-12 03:09
  Last rotated at 2025-04-12 00:57
  log does not need rotating (log has been rotated at 2025-04-12 00:57, which is less than a day ago)
considering log /data/nginx/error.log
  Now: 2025-04-12 03:09
  Last rotated at 2025-04-12 00:57
  log does not need rotating (log has been rotated at 2025-04-12 00:57, which is less than a day ago)
considering log /data/nginx/stream.log
  Now: 2025-04-12 03:09
  Last rotated at 2025-04-08 22:00
  log does not need rotating (log is empty)
not running prerotate script, since no logs will be rotated
not running postrotate script, since no logs were rotated
2025/04/12 03:09:11 [notice] 282#282: parsed a resolver: "127.0.0.11" in /usr/local/nginx/conf/nginx.conf:91
2025/04/12 03:09:11 [notice] 282#282: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/0/0)
2025/04/12 03:09:11 [notice] 282#282: parsed a resolver: "127.0.0.11" in /usr/local/nginx/conf/nginx.conf:183
2025/04/12 03:09:11 [error] 282#282: [lua] crowdsec.lua:69: init(): error loading captcha plugin: no recaptcha site key provided, can't use recaptcha
2025/04/12 03:09:11 [error] 282#282: [lua] crowdsec.lua:126: init(): APPSEC is enabled on '10.10.4.205:6060'
2025/04/12 03:09:11 [alert] 282#282: [lua] crowdsec.conf:3):8: [Crowdsec] Initialisation done
2025/04/12 03:09:13 [error] 282#282: [lua] crowdsec.lua:69: init(): error loading captcha plugin: no recaptcha site key provided, can't use recaptcha
2025/04/12 03:09:13 [error] 282#282: [lua] crowdsec.lua:126: init(): APPSEC is enabled on '10.10.4.205:6060'
2025/04/12 03:09:13 [alert] 282#282: [lua] crowdsec.conf:3):8: [Crowdsec] Initialisation done
2025/04/12 03:09:19 [error] 1120#1120: *1 connect() failed (111: Connection refused), client: X.X.X.X, server: example.domain.com, request: "GET / HTTP/2.0", host: "example.domain.com"
2025/04/12 03:09:19 [error] 1120#1120: *1 connect() failed (111: Connection refused), client: X.X.X.X, server: example.domain.com request: "GET / HTTP/2.0", host: "example.domain.com"
2025/04/12 03:09:19 [error] 1120#1120: *1 [lua] crowdsec.lua:489: AppSecCheck(): Fallback because of err: connection refused, client: X.X.X.X, server: example.domain.com request: "GET / HTTP/2.0", host: "example.domain.com"
2025/04/12 03:09:19 [error] 1120#1120: *1 [lua] crowdsec.lua:570: Allow(): AppSec check: connection refused, client: X.X.X.X, server: example.domain.com, request: "GET / HTTP/2.0", host: "example.domain.com"
2025/04/12 03:09:19 [alert] 1120#1120: *1 [lua] crowdsec.lua:637: Allow(): [Crowdsec] denied 'X.X.X.X' with 'ban' (by appsec), client: X.X.X.X, server: example.domain.com, request: "GET / HTTP/2.0", host: "example.domain.com"
2025/04/12 03:09:41 [error] 1120#1120: *4 connect() failed (113: Host is unreachable), client: 127.0.0.1, server: _, request: "GET /api/ HTTP/2.0", host: "127.0.0.1:81"
2025/04/12 03:09:41 [error] 1120#1120: *4 connect() failed (113: Host is unreachable), client: 127.0.0.1, server: _, request: "GET /api/ HTTP/2.0", host: "127.0.0.1:81"
2025/04/12 03:09:41 [error] 1120#1120: *4 [lua] crowdsec.lua:489: AppSecCheck(): Fallback because of err: host is unreachable, client: 127.0.0.1, server: _, request: "GET /api/ HTTP/2.0", host: "127.0.0.1:81"
2025/04/12 03:09:41 [error] 1120#1120: *4 [lua] crowdsec.lua:570: Allow(): AppSec check: host is unreachable, client: 127.0.0.1, server: _, request: "GET /api/ HTTP/2.0", host: "127.0.0.1:81"
2025/04/12 03:09:41 [alert] 1120#1120: *4 [lua] crowdsec.lua:637: Allow(): [Crowdsec] denied '127.0.0.1' with 'ban' (by appsec), client: 127.0.0.1, server: _, request: "GET /api/ HTTP/2.0", host: "127.0.0.1:81"

-------------------------------------
 _ _  ___  __ __       _
| \ || . \|  \  \ ___ | | _ _  ___
|   ||  _/|     || . \| || | |[_-[
|_\_||_|  |_|_|_||  _/|_| \__|/__/
                 |_|
-------------------------------------
Version:  2.12.3+7f1c292
Date:     Sat Apr 12 03:09:11 +08 2025
-------------------------------------

no DEFAULT_CERT_ID set, using dummycerts.
removed '/usr/local/nginx/logs/nginx.pid'
usermod: no changes

-------------------------------------
User:     npm
PUID:     100
User ID:  100
PGID:     100
Group ID: 100
-------------------------------------

npm-1   updated

Starting services...
[Global   ] › ℹ  info      Using Sqlite: /data/npmplus/database.sqlite
[Migrate  ] › ℹ  info      Current database version: none
[Certbot  ] › ▶  start     Installing cloudflare...
[Global   ] › ⬤  debug     CMD: pip install --upgrade --no-cache-dir certbot-dns-cloudflare
[Global   ] › ⬤  debug     CMD: nginxbeautifier -s 4 /usr/local/nginx/conf/conf.d/default.conf
[Certbot  ] › ☒  complete  Installed cloudflare
[IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[Global   ] › ⬤  debug     CMD: certbot-ocsp-fetcher.sh -c /data/tls/certbot/live -o /data/tls/certbot/live --no-reload-webserver --quiet
[SSL      ] › ℹ  info      Certbot Renewal Timer initialized
[IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[Global   ] › ℹ  info      Backend PID 284 listening on port 48681
[Global   ] › ⬤  debug     CMD: nginx -tq
[Nginx    ] › ℹ  info      Reloading Nginx
[Global   ] › ⬤  debug     CMD: nginx -s reload

Here is my crowdsec log:

time="2025-04-12T03:13:49+08:00" level=info msg="Successfully registered enricher 'GeoIpASN'"
time="2025-04-12T03:13:49+08:00" level=info msg="Successfully registered enricher 'IpToRange'"
time="2025-04-12T03:13:49+08:00" level=info msg="Successfully registered enricher 'reverse_dns'"
time="2025-04-12T03:13:49+08:00" level=info msg="Successfully registered enricher 'ParseDate'"
time="2025-04-12T03:13:49+08:00" level=info msg="Successfully registered enricher 'UnmarshalJSON'"
time="2025-04-12T03:13:49+08:00" level=info msg="Loading parsers from 12 files"
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/modsecurity.yaml stage=s01-parse
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/npmplus-logs.yaml stage=s01-parse
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/openappsec-logs.yaml stage=s01-parse
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 13 nodes from 3 stages"
time="2025-04-12T03:13:49+08:00" level=info msg="No postoverflow parsers to load"
time="2025-04-12T03:13:49+08:00" level=info msg="Loading 71 scenario files"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=patient-grass name=crowdsecurity/CVE-2022-44877
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=red-star name=crowdsecurity/appsec-vpatch
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=dry-field name=openappsec/openappsec-request-rate-limit
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=lingering-frost name=crowdsecurity/CVE-2022-41082
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=icy-dust name=openappsec/openappsec-probing
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=polished-sea name=crowdsecurity/nginx-req-limit-exceeded
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=bold-sunset name=crowdsecurity/http-cve-probing
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=crimson-breeze name=openappsec/openappsec-error-disclosure
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=restless-frost name=crowdsecurity/ssh-cve-2024-6387
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=red-sea name=openappsec/openappsec-url-instead-of-file
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=muddy-sun name=openappsec/openappsec-http-limit-violation
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=twilight-water name=crowdsecurity/CVE-2022-46169-bf
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=green-sea name=crowdsecurity/CVE-2022-46169-cmd
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=twilight-river name=crowdsecurity/fortinet-cve-2022-40684
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=still-mountain name=openappsec/openappsec-bot-protection
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=twilight-pine name=openappsec/openappsec-ldap-injection
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=weathered-darkness name=crowdsecurity/CVE-2022-42889
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=misty-haze name=crowdsecurity/CVE-2024-9474
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=withered-star name=crowdsecurity/http-sensitive-files
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=shy-flower name=crowdsecurity/http-cve-2021-41773
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=little-silence name=crowdsecurity/thinkphp-cve-2018-20062
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=still-dew name=crowdsecurity/vmware-vcenter-vmsa-2021-0027
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=white-shape name=crowdsecurity/fortinet-cve-2018-13379
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=blue-sunset name=crowdsecurity/netgear_rce
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=long-paper name=openappsec/openappsec-evasion-techniques
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=empty-violet name=openappsec/openappsec-xxe
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=rough-fire name=crowdsecurity/http-cve-2021-42013
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=still-leaf name=openappsec/openappsec-sql-injection
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=summer-glade name=openappsec/openappsec-cross-site-redirect
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=small-sea name=crowdsecurity/http-crawl-non_statics
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=red-bush name=crowdsecurity/http-bad-user-agent
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=divine-sound name=crowdsecurity/spring4shell_cve-2022-22965
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=sparkling-frog name=openappsec/openappsec-path-traversal
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=blue-moon name=openappsec/openappsec-open-redirect
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=damp-resonance name=crowdsecurity/CVE-2024-38475
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=muddy-haze name=crowdsecurity/http-open-proxy
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=dry-butterfly name=openappsec/openappsec-csrf
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=lingering-frost name=crowdsecurity/ssh-bf
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=holy-resonance name=crowdsecurity/ssh-bf_user-enum
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=hidden-moon name=ltsich/http-w00tw00t
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=throbbing-darkness name=crowdsecurity/apache_log4j2_cve-2021-44228
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=purple-tree name=crowdsecurity/CVE-2017-9841
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=still-dew name=crowdsecurity/http-admin-interface-probing
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=ancient-sun name=crowdsecurity/http-xss-probbing
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=late-star name=crowdsecurity/http-backdoors-attempts
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=snowy-fire name=crowdsecurity/CVE-2023-22518
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=wandering-field name=openappsec/openappsec-general
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=cool-snow name=openappsec/openappsec-http-method-violation
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=bold-wind name=crowdsecurity/http-generic-bf
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=twilight-sky name=LePresidente/http-generic-401-bf
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=summer-snowflake name=LePresidente/http-generic-403-bf
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=fragrant-sky name=crowdsecurity/f5-big-ip-cve-2020-5902
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=quiet-forest name=crowdsecurity/http-probing
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=lingering-forest name=crowdsecurity/vmware-cve-2022-22954
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=throbbing-sound name=openappsec/openappsec-error-limit
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=quiet-sea name=openappsec/openappsec-rce
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=sparkling-firefly name=openappsec/openappsec-xss
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=blue-waterfall name=crowdsecurity/ssh-slow-bf
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=weathered-star name=crowdsecurity/ssh-slow-bf_user-enum
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=snowy-sky name=crowdsecurity/CVE-2022-26134
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=billowing-shape name=crowdsecurity/CVE-2022-41697
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=summer-wind name=crowdsecurity/modsecurity
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=fragrant-moon name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=long-dawn name=crowdsecurity/http-wordpress-scan
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=old-snowflake name=crowdsecurity/http-path-traversal-probing
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=white-dew name=openappsec/openappsec-schema-validation
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=falling-butterfly name=crowdsecurity/CVE-2023-22515
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=late-wildflower name=crowdsecurity/jira_cve-2021-26086
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=blue-rain name=crowdsecurity/http-sqli-probbing-detection
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=green-waterfall name=crowdsecurity/CVE-2022-35914
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=purple-surf name=crowdsecurity/CVE-2023-49103
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=dark-meadow name=crowdsecurity/CVE-2024-0012
time="2025-04-12T03:13:49+08:00" level=info msg="Adding leaky bucket" cfg=divine-night name=crowdsecurity/appsec-native
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=snowy-sky name=crowdsecurity/CVE-2019-18935
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=ancient-haze name=crowdsecurity/CVE-2022-37042
time="2025-04-12T03:13:49+08:00" level=info msg="Adding trigger bucket" cfg=cool-bird name=crowdsecurity/grafana-cve-2021-43798
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 76 scenarios"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-20062 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-22941 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27198 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27348 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-7593 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22527 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27292 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-41713 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-52301 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-9054 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-33617 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-3519 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29849 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-9474 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-env-access to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-laravel-debug-mode to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-26134 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-20198 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29824 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-6205 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-29927 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-13379 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22954 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-46169 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-1389 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-28121 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35078 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-38205 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-40044 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-26086 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22965 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35082 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-46805 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-50164 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3273 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-34102 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/generic-wordpress-uploads-php to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-44529 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-25488 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23752 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-0012 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-connectwise-auth-bypass to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-git-config to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-3129 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-23897 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-4577 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2017-9841 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-35914 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27956 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29973 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-51567 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-10562 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-12989 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-17496 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-47218 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-32113 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-57727 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-9465 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-18935 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-27926 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6553 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-7028 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3272 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-38816 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-38856 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-1003030 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-5902 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-41082 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-44877 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-34362 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27954 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-8963 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-1000861 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-43798 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-22024 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27564 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-24893 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-11738 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1212 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-28255 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-28987 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/generic-freemarker-ssti to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-51378 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-8190 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-symfony-profiler to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/base-config to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-24489 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-42793 to appsec rules"
time="2025-04-12T03:13:49+08:00" level=info msg="127.0.0.1 - [Sat, 12 Apr 2025 03:13:49 +08] \"POST /v1/watchers/login HTTP/1.1 200 57.665475ms \"crowdsec/v1.6.8-f209766e-docker\" \""
time="2025-04-12T03:13:49+08:00" level=info msg="loading acquisition file : /etc/crowdsec/acquis.yaml"
time="2025-04-12T03:13:49+08:00" level=warning msg="No matching files for pattern /var/log/nginx/*.log" type=file
time="2025-04-12T03:13:49+08:00" level=warning msg="No matching files for pattern ./tests/nginx/nginx.log" type=file
time="2025-04-12T03:13:49+08:00" level=info msg="Adding file /var/log/auth.log to datasources" type=file
time="2025-04-12T03:13:49+08:00" level=warning msg="No matching files for pattern /var/log/syslog" type=file
time="2025-04-12T03:13:49+08:00" level=warning msg="No matching files for pattern /var/log/apache2/*.log" type=file
time="2025-04-12T03:13:49+08:00" level=info msg="Cache duration for auth not set, using default: 1m0s" name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="loading /etc/crowdsec/appsec-configs/appsec-default.yaml" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 0 outofband rules" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="loading inband rule crowdsecurity/base-config" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="loading inband rule crowdsecurity/vpatch-*" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="loading inband rule crowdsecurity/generic-*" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="Loaded 90 inband rules" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="Created 1 appsec runners" name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="Starting processing data"
time="2025-04-12T03:13:49+08:00" level=warning msg="/var/log/auth.log is a directory, ignoring it." type=file
time="2025-04-12T03:13:49+08:00" level=info msg="127.0.0.1 - [Sat, 12 Apr 2025 03:13:49 +08] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 123.562µs \"crowdsec/v1.6.8-f209766e-docker\" \""
time="2025-04-12T03:13:49+08:00" level=info msg="1 appsec runner to start" name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="Appsec listening on 0.0.0.0:6060" name=appsec type=appsec
time="2025-04-12T03:13:49+08:00" level=info msg="Appsec Runner ready to process event" name=appsec runner_uuid=cb424479-a0e7-49a9-bc42-2b3f8b87a2b2 type=appsec
panic: runtime error: invalid memory address or nil pointer dereference
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x7a83a7]

goroutine 104 [running]:
net/http.(*onceCloseListener).close(...)
        net/http/server.go:3924
sync.(*Once).doSlow(0xc001cb01b8?, 0xc001006be0?)
        sync/once.go:78 +0xab
sync.(*Once).Do(...)
        sync/once.go:69
net/http.(*onceCloseListener).Close(0xc000670480)
        net/http/server.go:3920 +0x3b
panic({0x205dc40?, 0x3975420?})
        runtime/panic.go:792 +0x132
net/http.(*onceCloseListener).Accept(0x2826138?)
        <autogenerated>:1 +0x1e
net/http.(*Server).Serve(0xc001cb0100, {0x0, 0x0})
        net/http/server.go:3424 +0x30c
github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe.func1({0x0?, 0x0?}, 0x2?)
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:337 +0x116
github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe.func3({0xc000a29380, 0xc})
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:384 +0x1c2
created by github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe in goroutine 101
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:373 +0x314
Local agent already registered
Check if lapi needs to register an additional agent
/etc/crowdsec was found in a volume
Running hub update
Skipping hub update, index file is recent
/var/lib/crowdsec/data was found in a volume
Running hub upgrade
level=warning msg="parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite"
level=warning msg="collections:ZoeyVid/npmplus is tainted, use '--force' to overwrite"
Action plan:
🔄 check & update data files

Running: cscli  parsers install "crowdsecurity/docker-logs" 
Nothing to do.
Running: cscli  parsers install "crowdsecurity/cri-logs" 
Nothing to do.
Object collections/ZoeyVid/npmplus is tainted, skipping
time="2025-04-12T03:13:56+08:00" level=info msg="Enabled feature flags: none"
time="2025-04-12T03:13:56+08:00" level=info msg="Crowdsec v1.6.8-f209766e"
time="2025-04-12T03:13:56+08:00" level=info msg="Loading prometheus collectors"
time="2025-04-12T03:13:56+08:00" level=info msg="Loading CAPI manager"
time="2025-04-12T03:13:58+08:00" level=info msg="CAPI manager configured successfully"
time="2025-04-12T03:13:58+08:00" level=info msg="Start push to CrowdSec Central API (interval: 15s once, then 10s)"
time="2025-04-12T03:13:58+08:00" level=info msg="Start sending metrics to CrowdSec Central API (interval: 30m20s once, then 30m0s)"
time="2025-04-12T03:13:58+08:00" level=info msg="last CAPI pull is newer than 1h30, skip."
time="2025-04-12T03:13:58+08:00" level=info msg="Start pull from CrowdSec Central API (interval: 2h1m10s once, then 2h0m0s)"
time="2025-04-12T03:13:58+08:00" level=info msg="capi metrics: sending"
time="2025-04-12T03:13:58+08:00" level=info msg="CrowdSec Local API listening on 0.0.0.0:8080"
time="2025-04-12T03:13:58+08:00" level=info msg="Loading grok library /etc/crowdsec/patterns"
time="2025-04-12T03:13:58+08:00" level=info msg="Loading enrich plugins"
time="2025-04-12T03:13:58+08:00" level=info msg="Successfully registered enricher 'GeoIpCity'"
time="2025-04-12T03:13:58+08:00" level=info msg="Successfully registered enricher 'GeoIpASN'"
time="2025-04-12T03:13:58+08:00" level=info msg="Successfully registered enricher 'IpToRange'"
time="2025-04-12T03:13:58+08:00" level=info msg="Successfully registered enricher 'reverse_dns'"
time="2025-04-12T03:13:58+08:00" level=info msg="Successfully registered enricher 'ParseDate'"
time="2025-04-12T03:13:58+08:00" level=info msg="Successfully registered enricher 'UnmarshalJSON'"
time="2025-04-12T03:13:58+08:00" level=info msg="Loading parsers from 12 files"
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/modsecurity.yaml stage=s01-parse
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/npmplus-logs.yaml stage=s01-parse
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/openappsec-logs.yaml stage=s01-parse
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 13 nodes from 3 stages"
time="2025-04-12T03:13:58+08:00" level=info msg="No postoverflow parsers to load"
time="2025-04-12T03:13:58+08:00" level=info msg="Loading 71 scenario files"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=lingering-frog name=crowdsecurity/CVE-2024-38475
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=spring-dawn name=crowdsecurity/apache_log4j2_cve-2021-44228
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=winter-wind name=crowdsecurity/http-crawl-non_statics
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=nameless-dawn name=openappsec/openappsec-evasion-techniques
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=damp-wave name=openappsec/openappsec-bot-protection
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=wandering-thunder name=crowdsecurity/CVE-2022-42889
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=empty-flower name=openappsec/openappsec-url-instead-of-file
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=hidden-breeze name=crowdsecurity/CVE-2022-44877
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=still-cherry name=crowdsecurity/http-sensitive-files
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=proud-water name=openappsec/openappsec-schema-validation
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=withered-cloud name=openappsec/openappsec-open-redirect
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=damp-river name=crowdsecurity/spring4shell_cve-2022-22965
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=cool-leaf name=crowdsecurity/CVE-2022-37042
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=twilight-fog name=crowdsecurity/http-cve-probing
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=blue-bush name=crowdsecurity/http-sqli-probbing-detection
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=spring-lake name=crowdsecurity/nginx-req-limit-exceeded
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=old-sky name=crowdsecurity/jira_cve-2021-26086
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=autumn-fire name=crowdsecurity/CVE-2022-41082
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=winter-sky name=openappsec/openappsec-path-traversal
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=misty-meadow name=crowdsecurity/http-probing
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=little-frost name=crowdsecurity/ssh-slow-bf
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=dawn-dream name=crowdsecurity/ssh-slow-bf_user-enum
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=winter-water name=crowdsecurity/CVE-2017-9841
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=lingering-brook name=crowdsecurity/thinkphp-cve-2018-20062
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=empty-wave name=crowdsecurity/CVE-2022-46169-bf
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=wispy-feather name=crowdsecurity/CVE-2022-46169-cmd
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=black-tree name=crowdsecurity/CVE-2023-49103
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=white-night name=openappsec/openappsec-general
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=dark-sunset name=crowdsecurity/CVE-2022-41697
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=blue-frog name=crowdsecurity/http-path-traversal-probing
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=late-bird name=openappsec/openappsec-request-rate-limit
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=snowy-cloud name=crowdsecurity/http-bad-user-agent
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=red-sound name=crowdsecurity/CVE-2019-18935
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=silent-meadow name=crowdsecurity/CVE-2023-22518
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=wandering-butterfly name=crowdsecurity/appsec-vpatch
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=young-field name=openappsec/openappsec-xxe
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=summer-dawn name=crowdsecurity/CVE-2024-9474
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=snowy-bush name=openappsec/openappsec-cross-site-redirect
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=silent-river name=crowdsecurity/vmware-cve-2022-22954
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=floral-sound name=crowdsecurity/vmware-vcenter-vmsa-2021-0027
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=autumn-sun name=crowdsecurity/modsecurity
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=bitter-fire name=openappsec/openappsec-error-disclosure
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=holy-morning name=openappsec/openappsec-http-limit-violation
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=hidden-glade name=crowdsecurity/http-cve-2021-41773
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=aged-smoke name=ltsich/http-w00tw00t
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=throbbing-snowflake name=crowdsecurity/http-generic-bf
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=frosty-wind name=LePresidente/http-generic-401-bf
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=bold-haze name=LePresidente/http-generic-403-bf
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=dawn-bird name=crowdsecurity/ssh-cve-2024-6387
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=morning-cherry name=openappsec/openappsec-http-method-violation
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=fragrant-sun name=openappsec/openappsec-xss
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=shy-sound name=crowdsecurity/f5-big-ip-cve-2020-5902
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=old-sun name=crowdsecurity/ssh-bf
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=cold-resonance name=crowdsecurity/ssh-bf_user-enum
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=red-bird name=crowdsecurity/http-xss-probbing
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=blue-wood name=crowdsecurity/http-backdoors-attempts
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=restless-fog name=crowdsecurity/CVE-2022-26134
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=spring-waterfall name=crowdsecurity/http-wordpress-scan
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=floral-cloud name=crowdsecurity/netgear_rce
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=delicate-frost name=openappsec/openappsec-sql-injection
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=hidden-sea name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=late-sea name=openappsec/openappsec-csrf
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=dark-darkness name=crowdsecurity/CVE-2022-35914
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=restless-dust name=crowdsecurity/CVE-2024-0012
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=floral-river name=openappsec/openappsec-rce
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=long-cherry name=crowdsecurity/fortinet-cve-2018-13379
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=snowy-wind name=openappsec/openappsec-probing
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=billowing-cherry name=crowdsecurity/http-cve-2021-42013
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=nameless-paper name=crowdsecurity/fortinet-cve-2022-40684
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=still-fog name=crowdsecurity/grafana-cve-2021-43798
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=small-brook name=crowdsecurity/CVE-2023-22515
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=solitary-snow name=crowdsecurity/http-open-proxy
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=frosty-silence name=crowdsecurity/http-admin-interface-probing
time="2025-04-12T03:13:58+08:00" level=info msg="Adding leaky bucket" cfg=crimson-sea name=crowdsecurity/appsec-native
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=hidden-paper name=openappsec/openappsec-error-limit
time="2025-04-12T03:13:58+08:00" level=info msg="Adding trigger bucket" cfg=icy-thunder name=openappsec/openappsec-ldap-injection
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 76 scenarios"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/base-config to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/generic-freemarker-ssti to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-1000861 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-46805 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6553 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-6205 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-9465 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-10562 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-13379 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-27926 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35082 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-3519 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-40044 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-0012 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22954 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1212 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-34102 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-env-access to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-symfony-profiler to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-17496 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-1389 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35078 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-20062 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-43798 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-47218 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-28255 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3273 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-38856 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-4577 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-8963 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-5902 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-9054 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-44529 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-24489 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-34362 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-25488 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-26134 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-50164 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27348 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-32113 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-41713 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-1003030 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-12989 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-46169 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22527 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27198 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-57727 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-24893 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-35914 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23752 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27564 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-52301 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-29927 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-41082 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-20198 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-28121 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3272 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-51378 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-9474 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-26086 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-3129 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-42793 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27956 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29973 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-18935 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-22024 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27954 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-7593 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-connectwise-auth-bypass to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-git-config to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22965 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-38205 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27292 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29849 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2017-9841 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-11738 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-33617 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-7028 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-23897 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-28987 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29824 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-8190 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/generic-wordpress-uploads-php to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-22941 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-44877 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-38816 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-laravel-debug-mode to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-51567 to appsec rules"
time="2025-04-12T03:13:58+08:00" level=info msg="127.0.0.1 - [Sat, 12 Apr 2025 03:13:58 +08] \"POST /v1/watchers/login HTTP/1.1 200 57.064444ms \"crowdsec/v1.6.8-f209766e-docker\" \""
time="2025-04-12T03:13:58+08:00" level=info msg="loading acquisition file : /etc/crowdsec/acquis.yaml"
time="2025-04-12T03:13:58+08:00" level=warning msg="No matching files for pattern /var/log/nginx/*.log" type=file
time="2025-04-12T03:13:58+08:00" level=warning msg="No matching files for pattern ./tests/nginx/nginx.log" type=file
time="2025-04-12T03:13:58+08:00" level=info msg="Adding file /var/log/auth.log to datasources" type=file
time="2025-04-12T03:13:58+08:00" level=warning msg="No matching files for pattern /var/log/syslog" type=file
time="2025-04-12T03:13:58+08:00" level=warning msg="No matching files for pattern /var/log/apache2/*.log" type=file
time="2025-04-12T03:13:58+08:00" level=info msg="Cache duration for auth not set, using default: 1m0s" name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="loading /etc/crowdsec/appsec-configs/appsec-default.yaml" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 0 outofband rules" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="loading inband rule crowdsecurity/base-config" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="loading inband rule crowdsecurity/vpatch-*" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="loading inband rule crowdsecurity/generic-*" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="Loaded 90 inband rules" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="Created 1 appsec runners" name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="Starting processing data"
time="2025-04-12T03:13:58+08:00" level=warning msg="/var/log/auth.log is a directory, ignoring it." type=file
time="2025-04-12T03:13:58+08:00" level=info msg="127.0.0.1 - [Sat, 12 Apr 2025 03:13:58 +08] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 188.664µs \"crowdsec/v1.6.8-f209766e-docker\" \""
time="2025-04-12T03:13:58+08:00" level=info msg="1 appsec runner to start" name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="Appsec listening on 0.0.0.0:6060" name=appsec type=appsec
time="2025-04-12T03:13:58+08:00" level=info msg="Appsec Runner ready to process event" name=appsec runner_uuid=b77f061e-d461-452b-82e0-6831fa535251 type=appsec
panic: runtime error: invalid memory address or nil pointer dereference
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x7a83a7]

goroutine 199 [running]:
net/http.(*onceCloseListener).close(...)
        net/http/server.go:3924
sync.(*Once).doSlow(0xc0005e2ab8?, 0xc000036be0?)
        sync/once.go:78 +0xab
sync.(*Once).Do(...)
        sync/once.go:69
net/http.(*onceCloseListener).Close(0xc001cfc1b0)
        net/http/server.go:3920 +0x3b
panic({0x205dc40?, 0x3975420?})
        runtime/panic.go:792 +0x132
net/http.(*onceCloseListener).Accept(0x2826138?)
        <autogenerated>:1 +0x1e
net/http.(*Server).Serve(0xc0005e2a00, {0x0, 0x0})
        net/http/server.go:3424 +0x30c
github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe.func1({0x0?, 0x0?}, 0x2?)
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:337 +0x116
github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe.func3({0xc001008840, 0xc})
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:384 +0x1c2
created by github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe in goroutine 196
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:373 +0x314
Local agent already registered
Check if lapi needs to register an additional agent
/etc/crowdsec was found in a volume
Running hub update
Skipping hub update, index file is recent
/var/lib/crowdsec/data was found in a volume
Running hub upgrade
level=warning msg="parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite"
level=warning msg="collections:ZoeyVid/npmplus is tainted, use '--force' to overwrite"
Action plan:
🔄 check & update data files

Running: cscli  parsers install "crowdsecurity/docker-logs" 
Nothing to do.
Running: cscli  parsers install "crowdsecurity/cri-logs" 
Nothing to do.
Object collections/ZoeyVid/npmplus is tainted, skipping
time="2025-04-12T03:14:12+08:00" level=info msg="Enabled feature flags: none"
time="2025-04-12T03:14:12+08:00" level=info msg="Crowdsec v1.6.8-f209766e"
time="2025-04-12T03:14:12+08:00" level=info msg="Loading prometheus collectors"
time="2025-04-12T03:14:12+08:00" level=info msg="Loading CAPI manager"
time="2025-04-12T03:14:13+08:00" level=info msg="CAPI manager configured successfully"
time="2025-04-12T03:14:13+08:00" level=info msg="Start push to CrowdSec Central API (interval: 16s once, then 10s)"
time="2025-04-12T03:14:13+08:00" level=info msg="Start sending metrics to CrowdSec Central API (interval: 42m0s once, then 30m0s)"
time="2025-04-12T03:14:13+08:00" level=info msg="last CAPI pull is newer than 1h30, skip."
time="2025-04-12T03:14:13+08:00" level=info msg="Start pull from CrowdSec Central API (interval: 1h56m57s once, then 2h0m0s)"
time="2025-04-12T03:14:13+08:00" level=info msg="capi metrics: sending"
time="2025-04-12T03:14:13+08:00" level=info msg="CrowdSec Local API listening on 0.0.0.0:8080"
time="2025-04-12T03:14:13+08:00" level=info msg="Loading grok library /etc/crowdsec/patterns"
time="2025-04-12T03:14:14+08:00" level=info msg="Loading enrich plugins"
time="2025-04-12T03:14:14+08:00" level=info msg="Successfully registered enricher 'GeoIpCity'"
time="2025-04-12T03:14:14+08:00" level=info msg="Successfully registered enricher 'GeoIpASN'"
time="2025-04-12T03:14:14+08:00" level=info msg="Successfully registered enricher 'IpToRange'"
time="2025-04-12T03:14:14+08:00" level=info msg="Successfully registered enricher 'reverse_dns'"
time="2025-04-12T03:14:14+08:00" level=info msg="Successfully registered enricher 'ParseDate'"
time="2025-04-12T03:14:14+08:00" level=info msg="Successfully registered enricher 'UnmarshalJSON'"
time="2025-04-12T03:14:14+08:00" level=info msg="Loading parsers from 12 files"
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/modsecurity.yaml stage=s01-parse
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/npmplus-logs.yaml stage=s01-parse
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/openappsec-logs.yaml stage=s01-parse
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 13 nodes from 3 stages"
time="2025-04-12T03:14:14+08:00" level=info msg="No postoverflow parsers to load"
time="2025-04-12T03:14:14+08:00" level=info msg="Loading 71 scenario files"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=solitary-grass name=openappsec/openappsec-general
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=solitary-river name=crowdsecurity/CVE-2024-0012
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=restless-cloud name=crowdsecurity/http-crawl-non_statics
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=empty-frost name=crowdsecurity/modsecurity
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=ancient-thunder name=openappsec/openappsec-bot-protection
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=empty-wind name=crowdsecurity/http-bad-user-agent
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=autumn-field name=crowdsecurity/fortinet-cve-2018-13379
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=late-sea name=openappsec/openappsec-error-disclosure
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=aged-bush name=openappsec/openappsec-path-traversal
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=floral-feather name=crowdsecurity/CVE-2022-37042
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=little-sun name=crowdsecurity/CVE-2023-22515
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=white-pine name=crowdsecurity/appsec-native
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=autumn-bush name=crowdsecurity/http-xss-probbing
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=hidden-bush name=crowdsecurity/CVE-2022-41697
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=fragrant-darkness name=crowdsecurity/http-cve-probing
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=bold-sun name=crowdsecurity/apache_log4j2_cve-2021-44228
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=polished-sky name=crowdsecurity/netgear_rce
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=spring-haze name=crowdsecurity/CVE-2023-22518
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=patient-violet name=openappsec/openappsec-probing
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=fragrant-smoke name=crowdsecurity/ssh-bf
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=wild-darkness name=crowdsecurity/ssh-bf_user-enum
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=holy-sound name=crowdsecurity/thinkphp-cve-2018-20062
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=spring-thunder name=crowdsecurity/http-path-traversal-probing
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=divine-breeze name=ltsich/http-w00tw00t
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=dawn-wood name=openappsec/openappsec-error-limit
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=shy-voice name=openappsec/openappsec-open-redirect
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=snowy-paper name=crowdsecurity/CVE-2024-9474
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=cold-snow name=openappsec/openappsec-xss
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=old-shape name=crowdsecurity/CVE-2024-38475
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=muddy-snow name=crowdsecurity/http-backdoors-attempts
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=shy-night name=crowdsecurity/CVE-2017-9841
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=lively-wood name=openappsec/openappsec-ldap-injection
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=snowy-glitter name=openappsec/openappsec-url-instead-of-file
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=red-night name=crowdsecurity/http-generic-bf
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=winter-violet name=LePresidente/http-generic-401-bf
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=rough-tree name=LePresidente/http-generic-403-bf
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=long-mountain name=crowdsecurity/CVE-2022-46169-bf
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=spring-butterfly name=crowdsecurity/CVE-2022-46169-cmd
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=twilight-snow name=crowdsecurity/http-wordpress-scan
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=misty-wind name=crowdsecurity/vmware-vcenter-vmsa-2021-0027
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=aged-feather name=crowdsecurity/nginx-req-limit-exceeded
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=dawn-shadow name=crowdsecurity/http-admin-interface-probing
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=nameless-tree name=crowdsecurity/http-open-proxy
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=sparkling-forest name=crowdsecurity/ssh-cve-2024-6387
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=small-darkness name=crowdsecurity/CVE-2022-44877
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=withered-thunder name=crowdsecurity/spring4shell_cve-2022-22965
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=green-breeze name=openappsec/openappsec-evasion-techniques
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=white-meadow name=crowdsecurity/fortinet-cve-2022-40684
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=fragrant-pine name=crowdsecurity/grafana-cve-2021-43798
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=purple-water name=openappsec/openappsec-cross-site-redirect
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=throbbing-haze name=crowdsecurity/CVE-2023-49103
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=wild-leaf name=crowdsecurity/http-sqli-probbing-detection
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=white-water name=openappsec/openappsec-sql-injection
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=rough-firefly name=crowdsecurity/vmware-cve-2022-22954
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=empty-morning name=crowdsecurity/http-cve-2021-41773
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=shy-bush name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=patient-shape name=crowdsecurity/http-cve-2021-42013
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=purple-shape name=crowdsecurity/CVE-2022-26134
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=empty-thunder name=crowdsecurity/f5-big-ip-cve-2020-5902
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=young-wood name=openappsec/openappsec-rce
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=rough-silence name=crowdsecurity/http-sensitive-files
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=green-sun name=crowdsecurity/CVE-2022-42889
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=wispy-star name=crowdsecurity/CVE-2022-41082
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=summer-leaf name=crowdsecurity/jira_cve-2021-26086
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=summer-cherry name=openappsec/openappsec-csrf
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=cool-river name=crowdsecurity/CVE-2022-35914
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=wispy-shape name=openappsec/openappsec-schema-validation
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=aged-dew name=openappsec/openappsec-http-method-violation
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=broken-surf name=openappsec/openappsec-http-limit-violation
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=falling-cloud name=crowdsecurity/appsec-vpatch
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=empty-morning name=crowdsecurity/ssh-slow-bf
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=summer-sound name=crowdsecurity/ssh-slow-bf_user-enum
time="2025-04-12T03:14:14+08:00" level=info msg="Adding leaky bucket" cfg=white-leaf name=crowdsecurity/http-probing
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=billowing-sun name=openappsec/openappsec-request-rate-limit
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=rough-hill name=crowdsecurity/CVE-2019-18935
time="2025-04-12T03:14:14+08:00" level=info msg="Adding trigger bucket" cfg=rough-tree name=openappsec/openappsec-xxe
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 76 scenarios"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6553 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-9474 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-laravel-debug-mode to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/base-config to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-1000861 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-43798 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35082 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27348 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/generic-freemarker-ssti to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/generic-wordpress-uploads-php to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1212 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-8190 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-50164 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-32113 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-51378 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-52301 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-git-config to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-13379 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-20062 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-9054 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-35914 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-38205 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-4577 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-18935 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-3129 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-44529 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23752 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27292 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27956 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-29927 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-5902 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-34362 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29824 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-10562 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-1003030 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-41082 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-20198 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-33617 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35078 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-connectwise-auth-bypass to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2017-9841 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-44877 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-46169 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-24489 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27198 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27954 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29973 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-26134 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-1389 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-7028 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-38816 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-6205 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-env-access to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-11738 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3272 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-38856 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-7593 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-24893 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-22941 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-27926 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-51567 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-symfony-profiler to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-26086 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22965 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-25488 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-9465 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22527 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-28121 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-40044 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-22024 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-28255 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3273 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-34102 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-12989 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22954 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-46805 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-28987 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-41713 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-57727 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-17496 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-0012 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-23897 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27564 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29849 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-8963 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-3519 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-42793 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-47218 to appsec rules"
time="2025-04-12T03:14:14+08:00" level=info msg="127.0.0.1 - [Sat, 12 Apr 2025 03:14:14 +08] \"POST /v1/watchers/login HTTP/1.1 200 55.966439ms \"crowdsec/v1.6.8-f209766e-docker\" \""
time="2025-04-12T03:14:14+08:00" level=info msg="loading acquisition file : /etc/crowdsec/acquis.yaml"
time="2025-04-12T03:14:14+08:00" level=warning msg="No matching files for pattern /var/log/nginx/*.log" type=file
time="2025-04-12T03:14:14+08:00" level=warning msg="No matching files for pattern ./tests/nginx/nginx.log" type=file
time="2025-04-12T03:14:14+08:00" level=info msg="Adding file /var/log/auth.log to datasources" type=file
time="2025-04-12T03:14:14+08:00" level=warning msg="No matching files for pattern /var/log/syslog" type=file
time="2025-04-12T03:14:14+08:00" level=warning msg="No matching files for pattern /var/log/apache2/*.log" type=file
time="2025-04-12T03:14:14+08:00" level=info msg="Cache duration for auth not set, using default: 1m0s" name=appsec type=appsec
time="2025-04-12T03:14:14+08:00" level=info msg="loading /etc/crowdsec/appsec-configs/appsec-default.yaml" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 0 outofband rules" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:14+08:00" level=info msg="loading inband rule crowdsecurity/base-config" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:14+08:00" level=info msg="loading inband rule crowdsecurity/vpatch-*" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:14+08:00" level=info msg="loading inband rule crowdsecurity/generic-*" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:14+08:00" level=info msg="Loaded 90 inband rules" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:14+08:00" level=info msg="Created 1 appsec runners" name=appsec type=appsec
time="2025-04-12T03:14:14+08:00" level=info msg="Starting processing data"
time="2025-04-12T03:14:14+08:00" level=warning msg="/var/log/auth.log is a directory, ignoring it." type=file
time="2025-04-12T03:14:14+08:00" level=info msg="127.0.0.1 - [Sat, 12 Apr 2025 03:14:14 +08] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 143.65µs \"crowdsec/v1.6.8-f209766e-docker\" \""
time="2025-04-12T03:14:14+08:00" level=info msg="1 appsec runner to start" name=appsec type=appsec
time="2025-04-12T03:14:14+08:00" level=info msg="Appsec listening on 0.0.0.0:6060" name=appsec type=appsec
panic: runtime error: invalid memory address or nil pointer dereference
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x7a83a7]

goroutine 103 [running]:
net/http.(*onceCloseListener).close(...)
        net/http/server.go:3924
sync.(*Once).doSlow(0xc000c0ccb8?, 0xc00189dbe0?)
        sync/once.go:78 +0xab
sync.(*Once).Do(...)
        sync/once.go:69
net/http.(*onceCloseListener).Close(0xc00198c150)
        net/http/server.go:3920 +0x3b
panic({0x205dc40?, 0x3975420?})
        runtime/panic.go:792 +0x132
net/http.(*onceCloseListener).Accept(0x2826138?)
        <autogenerated>:1 +0x1e
net/http.(*Server).Serve(0xc000c0cc00, {0x0, 0x0})
        net/http/server.go:3424 +0x30c
github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe.func1({0x0?, 0x0?}, 0x2?)
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:337 +0x116
github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe.func3({0xc000feae20, 0xc})
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:384 +0x1c2
created by github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe in goroutine 100
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:373 +0x314
Local agent already registered
Check if lapi needs to register an additional agent
/etc/crowdsec was found in a volume
Running hub update
Skipping hub update, index file is recent
/var/lib/crowdsec/data was found in a volume
Running hub upgrade
level=warning msg="parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite"
level=warning msg="collections:ZoeyVid/npmplus is tainted, use '--force' to overwrite"
Action plan:
🔄 check & update data files

Running: cscli  parsers install "crowdsecurity/docker-logs" 
Nothing to do.
Running: cscli  parsers install "crowdsecurity/cri-logs" 
Nothing to do.
Object collections/ZoeyVid/npmplus is tainted, skipping
time="2025-04-12T03:14:40+08:00" level=info msg="Enabled feature flags: none"
time="2025-04-12T03:14:40+08:00" level=info msg="Crowdsec v1.6.8-f209766e"
time="2025-04-12T03:14:40+08:00" level=info msg="Loading prometheus collectors"
time="2025-04-12T03:14:40+08:00" level=info msg="Loading CAPI manager"
time="2025-04-12T03:14:42+08:00" level=info msg="CAPI manager configured successfully"
time="2025-04-12T03:14:42+08:00" level=info msg="Start push to CrowdSec Central API (interval: 16s once, then 10s)"
time="2025-04-12T03:14:42+08:00" level=info msg="Start sending metrics to CrowdSec Central API (interval: 38m4s once, then 30m0s)"
time="2025-04-12T03:14:42+08:00" level=info msg="last CAPI pull is newer than 1h30, skip."
time="2025-04-12T03:14:42+08:00" level=info msg="Start pull from CrowdSec Central API (interval: 2h2m5s once, then 2h0m0s)"
time="2025-04-12T03:14:42+08:00" level=info msg="capi metrics: sending"
time="2025-04-12T03:14:42+08:00" level=info msg="CrowdSec Local API listening on 0.0.0.0:8080"
time="2025-04-12T03:14:42+08:00" level=info msg="Loading grok library /etc/crowdsec/patterns"
time="2025-04-12T03:14:42+08:00" level=info msg="Loading enrich plugins"
time="2025-04-12T03:14:42+08:00" level=info msg="Successfully registered enricher 'GeoIpCity'"
time="2025-04-12T03:14:42+08:00" level=info msg="Successfully registered enricher 'GeoIpASN'"
time="2025-04-12T03:14:42+08:00" level=info msg="Successfully registered enricher 'IpToRange'"
time="2025-04-12T03:14:42+08:00" level=info msg="Successfully registered enricher 'reverse_dns'"
time="2025-04-12T03:14:42+08:00" level=info msg="Successfully registered enricher 'ParseDate'"
time="2025-04-12T03:14:42+08:00" level=info msg="Successfully registered enricher 'UnmarshalJSON'"
time="2025-04-12T03:14:42+08:00" level=info msg="Loading parsers from 12 files"
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/modsecurity.yaml stage=s01-parse
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/npmplus-logs.yaml stage=s01-parse
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/openappsec-logs.yaml stage=s01-parse
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 13 nodes from 3 stages"
time="2025-04-12T03:14:42+08:00" level=info msg="No postoverflow parsers to load"
time="2025-04-12T03:14:42+08:00" level=info msg="Loading 71 scenario files"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=misty-brook name=crowdsecurity/http-crawl-non_statics
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=divine-dust name=crowdsecurity/http-open-proxy
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=broken-bush name=crowdsecurity/vmware-cve-2022-22954
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=aged-thunder name=crowdsecurity/CVE-2023-49103
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=broken-resonance name=crowdsecurity/f5-big-ip-cve-2020-5902
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=ancient-glitter name=openappsec/openappsec-schema-validation
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=muddy-frog name=openappsec/openappsec-url-instead-of-file
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=bitter-violet name=crowdsecurity/http-path-traversal-probing
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=lively-wave name=ltsich/http-w00tw00t
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=silent-star name=crowdsecurity/fortinet-cve-2022-40684
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=rough-haze name=crowdsecurity/CVE-2024-0012
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=weathered-mountain name=crowdsecurity/http-probing
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=sparkling-snowflake name=crowdsecurity/spring4shell_cve-2022-22965
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=sparkling-dream name=crowdsecurity/CVE-2022-42889
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=white-grass name=openappsec/openappsec-request-rate-limit
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=billowing-cherry name=crowdsecurity/http-backdoors-attempts
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=patient-wind name=crowdsecurity/http-cve-probing
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=sparkling-resonance name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=sparkling-frog name=crowdsecurity/ssh-cve-2024-6387
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=misty-bird name=crowdsecurity/appsec-vpatch
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=icy-star name=crowdsecurity/http-cve-2021-42013
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=sparkling-haze name=crowdsecurity/jira_cve-2021-26086
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=purple-pine name=crowdsecurity/fortinet-cve-2018-13379
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=cold-pine name=openappsec/openappsec-error-limit
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=long-leaf name=crowdsecurity/appsec-native
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=quiet-wood name=crowdsecurity/http-admin-interface-probing
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=long-feather name=crowdsecurity/http-xss-probbing
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=black-dew name=crowdsecurity/ssh-slow-bf
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=damp-dawn name=crowdsecurity/ssh-slow-bf_user-enum
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=dark-tree name=openappsec/openappsec-cross-site-redirect
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=late-sun name=openappsec/openappsec-xss
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=fragrant-tree name=openappsec/openappsec-path-traversal
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=throbbing-night name=crowdsecurity/http-bad-user-agent
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=bitter-flower name=crowdsecurity/http-sensitive-files
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=bitter-voice name=crowdsecurity/netgear_rce
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=red-shadow name=crowdsecurity/vmware-vcenter-vmsa-2021-0027
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=ancient-shadow name=crowdsecurity/CVE-2022-41082
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=autumn-field name=openappsec/openappsec-csrf
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=still-forest name=crowdsecurity/http-cve-2021-41773
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=cool-bird name=openappsec/openappsec-evasion-techniques
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=summer-sky name=openappsec/openappsec-http-method-violation
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=dawn-paper name=crowdsecurity/CVE-2023-22515
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=restless-haze name=openappsec/openappsec-ldap-injection
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=withered-thunder name=crowdsecurity/CVE-2024-9474
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=winter-fog name=crowdsecurity/thinkphp-cve-2018-20062
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=spring-frost name=openappsec/openappsec-http-limit-violation
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=white-forest name=crowdsecurity/http-wordpress-scan
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=late-bird name=crowdsecurity/http-generic-bf
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=dry-bush name=LePresidente/http-generic-401-bf
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=shy-sea name=LePresidente/http-generic-403-bf
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=cool-forest name=crowdsecurity/http-sqli-probbing-detection
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=lingering-fog name=crowdsecurity/CVE-2024-38475
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=lingering-morning name=crowdsecurity/CVE-2019-18935
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=spring-dust name=crowdsecurity/nginx-req-limit-exceeded
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=small-star name=openappsec/openappsec-error-disclosure
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=billowing-sound name=openappsec/openappsec-general
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=twilight-night name=crowdsecurity/modsecurity
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=summer-resonance name=crowdsecurity/CVE-2023-22518
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=patient-glade name=crowdsecurity/grafana-cve-2021-43798
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=holy-glade name=openappsec/openappsec-open-redirect
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=divine-frost name=crowdsecurity/CVE-2022-37042
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=billowing-frost name=crowdsecurity/CVE-2022-44877
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=twilight-bird name=openappsec/openappsec-probing
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=lively-darkness name=crowdsecurity/CVE-2022-26134
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=icy-morning name=crowdsecurity/CVE-2022-46169-bf
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=solitary-morning name=crowdsecurity/CVE-2022-46169-cmd
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=long-leaf name=crowdsecurity/CVE-2022-41697
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=long-surf name=crowdsecurity/CVE-2022-35914
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=damp-feather name=openappsec/openappsec-xxe
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=lingering-glitter name=openappsec/openappsec-sql-injection
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=white-frost name=crowdsecurity/CVE-2017-9841
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=empty-resonance name=openappsec/openappsec-bot-protection
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=broken-butterfly name=crowdsecurity/ssh-bf
time="2025-04-12T03:14:42+08:00" level=info msg="Adding leaky bucket" cfg=falling-hill name=crowdsecurity/ssh-bf_user-enum
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=billowing-sun name=crowdsecurity/apache_log4j2_cve-2021-44228
time="2025-04-12T03:14:42+08:00" level=info msg="Adding trigger bucket" cfg=young-dawn name=openappsec/openappsec-rce
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 76 scenarios"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-3129 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-38205 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-42793 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-50164 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27348 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29849 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29973 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-13379 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-32113 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-8190 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-29927 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-17496 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-5902 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-env-access to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-41082 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-1389 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-22024 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27198 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-28987 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-34102 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-57727 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/generic-wordpress-uploads-php to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-18935 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-35914 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-46169 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-28121 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3272 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-51567 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-1000861 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22954 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22965 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-47218 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27292 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-7593 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-27926 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-20198 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-46805 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6553 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-29824 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22527 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-23897 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-git-config to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-laravel-debug-mode to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-10562 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-22941 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35082 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-38856 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-6205 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-symfony-profiler to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/generic-freemarker-ssti to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-24489 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35078 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27956 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-9054 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-0012 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27954 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2025-24893 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2017-9841 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-20062 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-12989 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-43798 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-8963 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-9474 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-1003030 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-44877 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-33617 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-3519 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-40044 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-28255 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-51378 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-52301 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-11738 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27564 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-38816 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-41713 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-4577 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-9465 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-26086 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-44529 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-34362 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3273 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-connectwise-auth-bypass to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/base-config to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-25488 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-26134 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23752 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-7028 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1212 to appsec rules"
time="2025-04-12T03:14:42+08:00" level=info msg="127.0.0.1 - [Sat, 12 Apr 2025 03:14:42 +08] \"POST /v1/watchers/login HTTP/1.1 200 53.481043ms \"crowdsec/v1.6.8-f209766e-docker\" \""
time="2025-04-12T03:14:42+08:00" level=info msg="loading acquisition file : /etc/crowdsec/acquis.yaml"
time="2025-04-12T03:14:42+08:00" level=warning msg="No matching files for pattern /var/log/nginx/*.log" type=file
time="2025-04-12T03:14:42+08:00" level=warning msg="No matching files for pattern ./tests/nginx/nginx.log" type=file
time="2025-04-12T03:14:42+08:00" level=info msg="Adding file /var/log/auth.log to datasources" type=file
time="2025-04-12T03:14:42+08:00" level=warning msg="No matching files for pattern /var/log/syslog" type=file
time="2025-04-12T03:14:42+08:00" level=warning msg="No matching files for pattern /var/log/apache2/*.log" type=file
time="2025-04-12T03:14:42+08:00" level=info msg="Cache duration for auth not set, using default: 1m0s" name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="loading /etc/crowdsec/appsec-configs/appsec-default.yaml" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 0 outofband rules" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="loading inband rule crowdsecurity/base-config" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="loading inband rule crowdsecurity/vpatch-*" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="loading inband rule crowdsecurity/generic-*" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="Loaded 90 inband rules" component=appsec_config name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="Created 1 appsec runners" name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="Starting processing data"
time="2025-04-12T03:14:42+08:00" level=warning msg="/var/log/auth.log is a directory, ignoring it." type=file
time="2025-04-12T03:14:42+08:00" level=info msg="127.0.0.1 - [Sat, 12 Apr 2025 03:14:42 +08] \"GET /v1/allowlists?with_content=true HTTP/1.1 200 203.353µs \"crowdsec/v1.6.8-f209766e-docker\" \""
time="2025-04-12T03:14:42+08:00" level=info msg="1 appsec runner to start" name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="Appsec listening on 0.0.0.0:6060" name=appsec type=appsec
time="2025-04-12T03:14:42+08:00" level=info msg="Appsec Runner ready to process event" name=appsec runner_uuid=f1d87e5c-200f-483c-a437-b51f7ee4c8ee type=appsec
panic: runtime error: invalid memory address or nil pointer dereference
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x7a83a7]

goroutine 214 [running]:
net/http.(*onceCloseListener).close(...)
        net/http/server.go:3924
sync.(*Once).doSlow(0xc0012705b8?, 0xc000dcdbe0?)
        sync/once.go:78 +0xab
sync.(*Once).Do(...)
        sync/once.go:69
net/http.(*onceCloseListener).Close(0xc0002cdad0)
        net/http/server.go:3920 +0x3b
panic({0x205dc40?, 0x3975420?})
        runtime/panic.go:792 +0x132
net/http.(*onceCloseListener).Accept(0x2826138?)
        <autogenerated>:1 +0x1e
net/http.(*Server).Serve(0xc001270500, {0x0, 0x0})
        net/http/server.go:3424 +0x30c
github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe.func1({0x0?, 0x0?}, 0x2?)
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:337 +0x116
github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe.func3({0xc001a19da0, 0xc})
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:384 +0x1c2
created by github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec.(*AppsecSource).listenAndServe in goroutine 211
        github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/appsec.go:373 +0x314

Answered by Zoey2936

Apr 21, 2025

so what port mappings do you use currently for the crowdsec container and which endpoints do you have configured in NPMplus?

View full answer

Zoey2936 · 2025-04-11T20:19:55Z

Zoey2936
Apr 11, 2025
Maintainer

can you reach the crowdsec lapi via curl from inside the npmplus container?

21 replies

MikeNatC Apr 12, 2025
Author

I see... does that mean I need to look through NPMplus or Crowdsec configs to ensure that all of the 127.0.0.1 are now also hard coded? The only one I changed was the crowdsec.conf file in the NPMplus folder.

Zoey2936 Apr 12, 2025
Maintainer

no it should also work without 127.0.0.1

MikeNatC Apr 12, 2025
Author

I'm not sure what else to change cause my knowledge is quite limited. I basically try to follow your instructions but adapt them to Unraid docker templates. And when I have a problem, I try to run the error messages through LLMs - right now using Gemini 2.5

Zoey2936 Apr 21, 2025
Maintainer

so what port mappings do you use currently for the crowdsec container and which endpoints do you have configured in NPMplus?

Answer selected by Zoey2936

MikeNatC Apr 22, 2025
Author

Sorry, after a couple of tries I gave up and switched to Traefik with Crowdsec which I managed to get working.

Still, thank you for following up!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

NPMplus with Crowdsec on Unraid not working #1717

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 21 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

NPMplus with Crowdsec on Unraid not working #1717

Uh oh!

MikeNatC Apr 11, 2025

Replies: 1 comment · 21 replies

Uh oh!

Zoey2936 Apr 11, 2025 Maintainer

Uh oh!

MikeNatC Apr 12, 2025 Author

Uh oh!

Zoey2936 Apr 12, 2025 Maintainer

Uh oh!

MikeNatC Apr 12, 2025 Author

Uh oh!

Zoey2936 Apr 21, 2025 Maintainer

Uh oh!

MikeNatC Apr 22, 2025 Author

MikeNatC
Apr 11, 2025

Replies: 1 comment 21 replies

Zoey2936
Apr 11, 2025
Maintainer

MikeNatC Apr 12, 2025
Author

Zoey2936 Apr 12, 2025
Maintainer

MikeNatC Apr 12, 2025
Author

Zoey2936 Apr 21, 2025
Maintainer

MikeNatC Apr 22, 2025
Author