Hi there,
once again a question to crowdsec on OpenWRT 
I'm still impressed how smooth everthing is running and I want to implement my docker container that is analyzing logs.
Therefore I modified my server api setting in the configuration file in /etc/crowdsec/config.yaml to listen on http://192.168.2.1:8080
I also modified the connection information in /etc/crowdsec/local_api_credentials.yaml and ensured that the connection to the api on the OpenWRT box could be made.
And then based on the official guide here I tried to connect my docker crowdsec container. I registered it successfully on the OpenWRT Box and after validating it it is now listed in the command cscli machines list.
root@OpenWrt:~# cscli machines list
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Name IP Address Last Update Status Version Auth Type Last Heartbeat
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
0760f50ceebc44249ab1c25cd29253e6CUqrHrI7ggYAT0PD 192.168.2.1 2025-11-15T18:28:15Z ✔️ v1.6.2-openwrt-1.6.2-1-openwrt password 43s
unraid 192.168.2.48 2025-11-15T18:19:49Z ✔️ password ⚠️ 9m29s
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
But like you could see in the output the docker crowdsec instance called unraid is not updating it's haertbeat.
The configuration of the crowdsec log processor is like this:
/crowdsec/config.yaml
common:
log_media: stdout
log_level: info
log_dir: /var/log/
config_paths:
config_dir: /etc/crowdsec/
data_dir: /var/lib/crowdsec/data/
simulation_path: /etc/crowdsec/simulation.yaml
hub_dir: /etc/crowdsec/hub/
index_path: /etc/crowdsec/hub/.index.json
notification_dir: /etc/crowdsec/notifications/
plugin_dir: /usr/local/lib/crowdsec/plugins/
crowdsec_service:
acquisition_path: /etc/crowdsec/acquis.yaml
acquisition_dir: /etc/crowdsec/acquis.d
parser_routines: 1
plugin_config:
user: nobody
group: nobody
cscli:
output: human
db_config:
log_level: info
type: sqlite
db_path: /var/lib/crowdsec/data/crowdsec.db
flush:
max_items: 5000
max_age: 7d
use_wal: false
api:
client:
insecure_skip_verify: false
credentials_path: /etc/crowdsec/local_api_credentials.yaml
server:
log_level: info
listen_uri: 0.0.0.0:8080
profiles_path: /etc/crowdsec/profiles.yaml
trusted_ips: # IP ranges, or IPs which can have admin API access
- 127.0.0.1
- ::1
online_client: # Central API credentials (to push signals and receive bad IPs)
credentials_path: /etc/crowdsec//online_api_credentials.yaml
enable: true
prometheus:
enabled: true
level: full
listen_addr: 0.0.0.0
listen_port: 6060
and /etc/crowdsec/local_api_credentials.yaml
url: 192.168.2.1:8080
login: unraid
password: qGJILRh0P1sFIgXTkUfAoyA6QmrasdadsqweoPvyv77goOzUf****2K47ql9v8
I also checked via curl that the log processor can contact the crowdsec API on the OpenWRT box which also looks good to me:
# curl -vk http://192.168.2.1:8080/v1/heartbeat
* Trying 192.168.2.1:8080...
* Connected to 192.168.2.1 (192.168.2.1) port 8080
* using HTTP/1.x
> GET /v1/heartbeat HTTP/1.1
> Host: 192.168.2.1:8080
> User-Agent: curl/8.14.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json; charset=utf-8
< Www-Authenticate: JWT realm=Crowdsec API local
< Date: Sat, 15 Nov 2025 18:24:24 GMT
< Content-Length: 46
<
* Connection #0 to host 192.168.2.1 left intact
But why is the heartbeat not getting updated then on OpenWRT?
Regards
Shorty