Console Health Check Issues
The CrowdSec Console monitors your infrastructure health and raises alerts when issues are detected. This page lists all possible health check issues, their trigger conditions, and links to detailed troubleshooting guides.
Understanding Issue Criticality
- Critical: Immediate attention required - core functionality is impaired
- High: Important issue that should be addressed soon - may impact protection effectiveness
Health Check Issues Overview
Security Engine Issues
Security Engine Offline
- Criticality: 🔥 Critical
- Trigger: Security Engine has not reported to the Console for more than 24 hours
- Description: The core CrowdSec service (Log Processor + Local API) has stopped communicating with the Console infrastructure
- Resolution: Security Engine Offline Troubleshooting
Engine No Alerts
- Criticality: ⚠️ High
- Trigger: No alerts generated in the last 48 hours
- Description: The Security Engine is running but hasn't detected any threats, which may indicate logs aren't being processed or scenarios aren't triggering
- Resolution: Engine No Alerts Troubleshooting
Engine Too Many Alerts
- Criticality: ⚠️ High
- Trigger: More than 250,000 alerts generated in 6 hours
- Description: Abnormally high alert volume may indicate a misconfigured scenario, false positives, or an ongoing large-scale attack
- Resolution: Engine Too Many Alerts Troubleshooting
Log Processor Issues
Log Processor Offline
- Criticality: 🔥 Critical
- Trigger: Log Processor has not checked in with Local API for more than 24 hours
- Description: The local agent component has stopped communicating with the Local API
- Resolution: Log Processor Offline Troubleshooting
LP No Alerts
- Criticality: ⚠️ High
- Trigger: No alerts generated by this Log Processor in the last 48 hours
- Description: Logs may not be read or parsed correctly, or no scenarios are matching the parsed events
- Resolution: LP No Alerts Troubleshooting
LP No Logs Read
- Criticality: 🔥 Critical
- Trigger: No logs acquired in the last 24 hours
- Description: The acquisition configuration is missing, incorrect, or log sources are not producing data
- Resolution: LP No Logs Read Troubleshooting
LP No Logs Parsed
- Criticality: 🔥 Critical
- Trigger: Logs are being read but none have been successfully parsed in the last 48 hours
- Description: Parsers may be missing, log format may have changed, or there's a mismatch between acquisition type and parser
- Resolution: LP No Logs Parsed Troubleshooting
Remediation Component Issues
Firewall Integration Offline
- Criticality: 🔥 Critical
- Trigger: Firewall bouncer has not pulled decisions for more than 24 hours
- Description: Firewall-based remediation components have stopped communicating with the Local API
- Resolution: Firewall Integration Offline Troubleshooting
RC Integration Offline
- Criticality: 🔥 Critical
- Trigger: Remediation Component has not pulled decisions for more than 24 hours
- Description: Non-firewall remediation components (web servers, reverse proxies, etc.) have stopped communicating with the Local API
- Resolution: RC Integration Offline Troubleshooting
Issue Dependencies
Some issues are related and share common root causes:
- Engine No Alerts may be caused by:
  - LP No Logs Read
  - LP No Logs Parsed
  - Scenarios not installed or in simulation mode
- LP No Alerts may be caused by:
  - LP No Logs Read
  - LP No Logs Parsed
  - Scenarios not matching the parsed events
Understanding these dependencies helps you troubleshoot more efficiently by addressing root causes first.
Future Enhancements
The CrowdSec Console will continue to evolve with additional health checks and recommendations. See the Future Console Health Check Issues page for planned features including:
- Enhanced configuration validation
- Blocklist optimization recommendations
- Collection update notifications
- False positive prevention checks
- Premium feature recommendations based on detected benefit
Getting Help
If you've followed the troubleshooting guides and still need assistance: