Skip to main content

You may see CrowdSec referred to as "Security Engine" and Bouncers referred to as "Remediation Components" within new documentation. This is to better reflect the role of each component within the CrowdSec ecosystem.

Troubleshooting

We have extended our troubleshooting documentation to cover more common issues and questions. If you have any suggestions for this please open an issue here.

Security Engine Troubleshooting

Remediation Components Troubleshooting

CTI Troubleshooting

Community support

Please try to resolve your issue by reading the documentation. If you're unable to find a solution, don't hesitate to seek assistance in:

FAQ

How to report a bug

To report a bug, please open an issue on the affected component's repository:

CrowdSec Repo

CrowdSec Hub Repo

CrowdSec Hub should be used when you have an issue with a parser, scenario or collection.

What license is provided ?

The Security Engine and Remediation Components are provided under MIT license.

How fast is it

The Security Engine can easily handle several thousands of events per second on a rich pipeline (multiple parsers, geoip enrichment, scenarios and so on). Logs are a good fit for sharding by default, so it is definitely the way to go if you need to handle higher throughput.

If you need help for large scale deployment, please get in touch with us on the Form, we love challenges ;)

Why are some scenarios/parsers "tainted" or "custom" ?

When using cscli to list your parsers, scenarios and collections, some might appear as "tainted" or "local".

"tainted" items:

  • Originate from the hub
  • Were locally modified
  • Will not be automatically updated/upgraded by cscli operations (unless --force or similar is specified)
  • Won't be sent to Central API and won't appear in the Console (unless cscli console enable tainted has been specified)

"local" items:

  • Have been locally created by the user
  • Are not managed by cscli operations
  • Won't be sent to Central API and won't appear in the Console (unless cscli console enable custom has been specified)

Which information is sent to your services ?

See CAPI documentation.