-
Notifications
You must be signed in to change notification settings - Fork 473
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[prometheus] Consider adding native support for cs_lapi_decision
#3290
Comments
@DuvelCorp: Thanks for opening an issue, it is currently awaiting triage. In the meantime, you can:
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
Hello After a few days, my lapi and caddy/crowdsec seems to work fine. I've got real alerts : Some of my grafana dashboards works perfectly: But, still : other dashboard that are supposed to report the IPs banned and their geoloc are not working because I am missing some cs_lapi metrics. And thus I am missing a part of those listed in this doc : https://docs.crowdsec.net/docs/next/observability/prometheus/ Local API Any hint please |
Hey 👋🏻 We dont provide the actual decisions (ip address and geo location data) via the Prometheus endpoint we only provide metrics about counts (EG: scenarios has trigger X times). Thing to note is Prometheus will only expose metrics it has counts for so the list you provided has some:
However I dont see the ones below:
So the question is do you have a remediation component (bouncers) interfacing with this machine LAPI? |
@LaurenceJJones Thank you for your answer. If that was not clear I obviously have a bouncer embedded in Caddy using custom built image But now that you state that you dont expose this metric I have understood my mistake I imported this dashboard in Grafana : https://grafana.com/grafana/dashboards/21689-crowdsec-cyber-threat-insights/
My mistake was that seing the name, I had expected that this was coming directly from Crowdsec metrics. On a side note, its a bit over killing to setup an additional metric component like Victoria to enrich and serve that information, considering that all data needed, including Maxmind GeoIP, is already available in Crowdsec LAPI. |
cs_lapi_decision
What happened?
Just installed Crowdsec for Caddy.
Everything seems to work fine
I triggered myself from a VPN IP an alert by scanning manually several sensitive files, and I got banned as expected :
Prometheus seems to retrieve correctly most of crowdsec metrics :
However I dont get any metric cs_lapi_decision
According to me I should have received it as there is an active decision on-going.
This prevent me to add a list of banned IPs and their Geomap in Grafana, which probably the most important information.
Is there something I missed?
What did you expect to happen?
Get metric data cs_lapi_decision
How can we reproduce it (as minimally and precisely as possible)?
I dont know
Anything else we need to know?
No response
Crowdsec version
OS version
Enabled collections and parsers
Acquisition config
On Windows:
C:> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
paste output here
Config show
Prometheus metrics
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.
The text was updated successfully, but these errors were encountered: