Remediation Component Integration Offline

The Remediation Component Integration Offline issue means a Blocklist integration of type Remediation Component has not pulled from its endpoint for more than 24 hours.

This issue applies to Remediation Components (aka bouncers) directly connected to a Blocklist integration endpoint (aka Blocklist as a Service / BLaaS).

What Triggers This Issue

  • Trigger condition: No pull for 24 hours
  • Criticality: 🔥 Critical
  • Impact: Latest blocklist updates not retrieved and potential malfunction of the remediation component.

Common Root Causes

Diagnosis & Resolution

Depending on the bouncer type, check installation status, configuration, and runtime status. Refer to your remediation component documentation for detailed setup and troubleshooting.

Configuration errors

🔎 Verify bouncer configuration has correct API URL and key

For Blocklist-as-a-Service (BLaaS) connectivity, verify that the bouncer configuration has the correct API URL and key:

  1. api_url: Must point to your BLaaS endpoint (e.g., https://admin.api.crowdsec.net/v1/decisions/stream)
  2. api_key: Your BLaaS API key (found in Console, in your Blocklist integration section, at creation or via "Refresh Credentials")

Property names and configuration file locations vary by bouncer type. Check your remediation component documentation for specifics.

Common configuration file location: /etc/crowdsec/bouncers/crowdsec-<name>-bouncer.conf

# Example: Check configuration file
sudo cat /etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf

🛠️ Update bouncer configuration and restart service

Update the bouncer configuration file with the correct API URL and API key. Example:

# [...]
API_URL=https://admin.api.crowdsec.net/v1/decisions/stream
API_KEY=<your-blaas-api-key>
UPDATE_FREQUENCY=10s
# [...]

After updating, restart the bouncer service or reload your web server.
See your remediation component documentation for specific configuration parameters and restart procedures.
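The configuration check above can be scripted before the restart. The following is an added example, not part of the CrowdSec documentation or tooling: it assumes the KEY=VALUE file format and the API_URL / API_KEY property names from the sample above (other bouncers use different names), and the helper names `conf_get` and `check_bouncer_conf` are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a KEY=VALUE bouncer config before restarting.
# Assumes the API_URL / API_KEY property names from the sample above.

# conf_get FILE KEY: print the value of the last uncommented KEY= line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# check_bouncer_conf FILE: one finding per line; returns 0 only if clean.
check_bouncer_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    url=$(conf_get "$conf" API_URL)
    key=$(conf_get "$conf" API_KEY)

    case $url in
        https://?*) ;;
        "") echo "API_URL is not set"; rc=1 ;;
        *)  echo "API_URL is not https: the API key would be sent in cleartext"; rc=1 ;;
    esac
    case $key in
        "") echo "API_KEY is not set"; rc=1 ;;
        *"<"*|*">"*) echo "API_KEY still contains a placeholder"; rc=1 ;;
    esac

    # The file stores a credential, so flag read access for "other" users.
    case $(ls -ld "$conf" | cut -c8-10) in
        r*) echo "file is world-readable: restrict it (e.g. chmod 640)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input: plain-HTTP URL, placeholder key, mode 644.
demo_dir=$(mktemp -d)
printf '%s\n' '# [...]' \
    'API_URL=http://admin.api.crowdsec.net/v1/decisions/stream' \
    'API_KEY=<your-blaas-api-key>' 'UPDATE_FREQUENCY=10s' > "$demo_dir/bad.conf"
chmod 644 "$demo_dir/bad.conf"
check_bouncer_conf "$demo_dir/bad.conf" || echo "=> fix the findings, then restart"
rm -rf "$demo_dir"
```

A clean result only means the file is well-formed; whether the key is valid is confirmed by the connectivity test and the "Last Pull" timestamp in the Console.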

Bouncer service stopped or not loaded

🔎 Check bouncer service status and logs

Verify that the bouncer is running and check for errors. The method depends on your bouncer type:

  • Some bouncers are modules/plugins (NGINX, Apache, ...)
  • Some are independent processes interacting with a service via a provided config or API (nftables, Cloudflare, ...)

For modules/plugins: Check service logs for module loading/runtime issues.

For standalone processes: Make sure the process is running and logs do not contain startup errors.

Network connectivity issues

🔎 Test connectivity to BLaaS endpoint

From the bouncer host, test network connectivity:

# Test basic connectivity
curl -I https://admin.api.crowdsec.net/

# Test with API key (should return JSON response)
curl -H "X-Api-Key: <your-api-key>" \
https://admin.api.crowdsec.net/v1/decisions/stream

🛠️ Fix network connectivity issues

If the bouncer cannot reach the BLaaS endpoint:

  1. Check firewall rules - Ensure outbound HTTPS (443) is allowed
  2. Configure proxy settings if behind a corporate proxy - see your bouncer's documentation

See Network Management documentation for required endpoints.

Verify Resolution

After making changes:

  1. Wait 1-2 minutes for the bouncer to attempt its next pull from the endpoint

  2. Check in the Console - Navigate to your Blocklist integration and verify the "Last Pull" timestamp has updated. The offline alert should clear automatically.

Remediation Component Documentation

For detailed setup, configuration, and troubleshooting specific to your bouncer type, see:

Getting Help

If your bouncer still doesn't work after following these steps: