> I can see the linux collection is enabled, but the geoip-entich.yaml is > ignored > for some obscure reason. > > If I do: > > # cscli parsers list > > I do not see the parser in the list. > > Then, if I do: > > # cscli parsers install crowdsecurity/geoip-enrich > INFO[19-09-2021 10:26:23 AM] Ignoring file > /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml of type parsers > FATA[19-09-2021 10:26:23 AM] unable to retrive item : crowdsecurity/geoip- > enrich > > I see it's unable to retrive item crowdsecurity/geoip-enrich but I can't not > see why. > > The geoip database is installed: > > ii geoip-database 20191224-3 all IP lookup command line tools that > use the GeoIP library (country database)
Crowdsec and geoip database are distincts packages and crowdsec package doesn't depend on geoip. In fact to make your setup work, you have to update the scenario index to use the online hub with # cscli hub update Afterwards to install the geoip-enrich parser you'll have to use # cscli parsers install crowdsecurity/geoip-enrich --force (--force to force the download of the mmdb files). Regards, Manuel Sabban
