Console Health Check Issues
The CrowdSec Console monitors the health of your CrowdSec stack (Security Engines, Log Processors, remediation components and blocklist integrations) and raises alerts when issues are detected.
This page lists all possible health check issues, their trigger conditions, and links to detailed troubleshooting guides.
Understanding Issue Criticalityโ
- ๐ฅ Critical: Immediate attention required - core functionality is impaired
- โ ๏ธ High: Important issue that should be addressed soon - may impact protection effectiveness
- ๐ก Recommended: Additional actions that improve your security posture (coming in future Stack Health iterations)
- ๐ Bonus: Optimization advice and upper-tier recommendations with strong return on value (coming in future Stack Health iterations)
Health Check Issues Overviewโ
| Issue | Criticality | Summary | Resolution |
|---|---|---|---|
| Integration for Firewall Offline | ๐ฅ Critical | Firewall has not pulled from BLaaS endpoint for 24+ hours | Troubleshooting |
| Integration for Firewall Pulling Zero IPs | โ ๏ธ High | Firewall BLaaS integration is content is empty | Troubleshooting |
| Integration for RC Offline | ๐ฅ Critical | Remediation Component has not pulled from endpoint for 24+ hours | Troubleshooting |
| Log Processor No Alerts | โ ๏ธ High | Log Processor has not generated alerts in 48 hours | Troubleshooting |
| Log Processor No Logs Parsed | ๐ฅ Critical | Logs read but none parsed in the last 48 hours | Troubleshooting |
| Log Processor No Logs Read | ๐ฅ Critical | No logs acquired in the last 24 hours | Troubleshooting |
| Log Processor Offline | ๐ฅ Critical | Log Processor has not checked in with LAPI for 24+ hours | Troubleshooting |
| Security Engine No Alerts | โ ๏ธ High | No alerts generated in the last 48 hours | Troubleshooting |
| Security Engine No RC | ๐ก Reco. | Security Engine has no Remediation Component registered | Troubleshooting |
| Security Engine No Active RC | ๐ฅ Critical | All registered Remediation Components have been inactive for 24+ hours | Troubleshooting |
| Security Engine Offline | ๐ฅ Critical | Security Engine has not reported to Console for 24+ hours | Troubleshooting |
| Security Engine Too Many Alerts | โ ๏ธ High | More than 250,000 alerts in 6 hours | Troubleshooting |
Issue Dependenciesโ
Some issues are related and share common root causes:
-
Engine No Alerts may be caused by:
- LP No Logs Read
- LP No Logs Parsed
- Scenarios not installed or in simulation mode
-
LP No Alerts may be caused by:
- LP No Logs Read
- LP No Logs Parsed
- Scenarios not matching the parsed events
Understanding these dependencies helps you troubleshoot faster by addressing root causes first.
Future Enhancementsโ
For planned and experimental health checks, see Future Console Health Check Issues for features including:
- Enhanced configuration validation
- Blocklists optimization recommendations
- Collection update notifications
- False positive prevention checks
- Premium feature recommendation based on detected benefit
Getting Helpโ
If you've followed the troubleshooting guides and still need assistance: