diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile
index d6022fdd50f9..5f9d90135a3a 100644
--- a/security/crowdsec/Makefile
+++ b/security/crowdsec/Makefile
@@ -1,155 +1,166 @@ PORTNAME= crowdsec DISTVERSIONPREFIX= v -DISTVERSION= 1.5.1 -PORTREVISION= 2 -DISTVERSIONSUFFIX= -freebsd +DISTVERSION= 1.5.4 CATEGORIES= security MAINTAINER= marco@crowdsec.net COMMENT= CrowdSec lightweight and collaborative security engine WWW= https://github.com/crowdsecurity/crowdsec LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -USES= gmake go:no_targets +LIB_DEPENDS= libre2.so:devel/re2 -USE_GITHUB= yes -GH_ACCOUNT= crowdsecurity -GH_PROJECT= crowdsec -_BUILD_TAG= b76e95e3 +USES= go:modules pkgconfig +_COMMIT= e4dcdd25 +_BUILD_DATE= $$(date -u "+%F_%T") USE_RC_SUBR= crowdsec -MAKE_ARGS= BUILD_VERSION="${DISTVERSIONFULL}" \ - BUILD_TAG="${_BUILD_TAG}" \ - BUILD_VENDOR_FLAGS="-mod=vendor -modcacherw" \ - DEFAULT_CONFIGDIR="${PREFIX}/etc/crowdsec" \ - DEFAULT_DATADIR="/var/db/crowdsec/data" +GO_MODULE= github.com/crowdsecurity/crowdsec +GO_TARGET= ./cmd/crowdsec ./cmd/crowdsec-cli ./cmd/notification-email ./cmd/notification-http ./cmd/notification-sentinel ./cmd/notification-slack ./cmd/notification-splunk -ALL_TARGET= build +GO_BUILDFLAGS= -v -trimpath -tags netgo,osusergo,sqlite_omit_load_extension,re2_cgo \ + -ldflags="\ + -a -s -w \ + -X github.com/crowdsecurity/go-cs-lib/version.Version=${DISTVERSIONPREFIX}${DISTVERSION}-freebsd \ + -X github.com/crowdsecurity/go-cs-lib/version.BuildDate=${_BUILD_DATE} \ + -X github.com/crowdsecurity/go-cs-lib/version.Tag=${_COMMIT} \ + -X $(GO_MODULE)/pkg/cwversion.Codename=alphaga \ + -X $(GO_MODULE)/pkg/csconfig.defaultConfigDir=${PREFIX}/etc/crowdsec \ + -X $(GO_MODULE)/pkg/csconfig.defaultDataDir=/var/db/crowdsec/data \ + -X $(GO_MODULE)/pkg/cwversion.Libre2=C++" SUB_FILES= pkg-deinstall pkg-install pkg-message crowdsec.cron upgrade-hub OPTIONS_DEFINE= FIREWALL_BOUNCER OPTIONS_DEFAULT= FIREWALL_BOUNCER_DESC= Depend on security/crowdsec-firewall-bouncer FIREWALL_BOUNCER_RUN_DEPENDS= crowdsec-firewall-bouncer>=0.0.27:security/crowdsec-firewall-bouncer PLUGIN_DIR= ${PREFIX}/lib/crowdsec/plugins 
STAGE_PLUGINS= ${STAGEDIR}${PLUGIN_DIR} STAGE_BIN= ${STAGEDIR}${PREFIX}/bin post-patch: @${REINPLACE_CMD} 's,/etc/crowdsec/,${ETCDIR}/,g' \ ${WRKSRC}/config/config.yaml @${REINPLACE_CMD} 's,/var/lib/,/var/db/,g' \ ${WRKSRC}/config/config.yaml do-install: # # Binaries # - ${INSTALL_PROGRAM} ${WRKSRC}/cmd/crowdsec/crowdsec ${STAGE_BIN}/ - ${INSTALL_PROGRAM} ${WRKSRC}/cmd/crowdsec-cli/cscli ${STAGE_BIN}/ + ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec ${STAGE_BIN}/ + ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-cli ${STAGE_BIN}/cscli + + # keep this around for compatibility ${LN} -s cscli ${STAGE_BIN}/crowdsec-cli @${MKDIR} ${STAGE_PLUGINS} - ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/email/notification-email ${STAGE_PLUGINS}/ - ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/http/notification-http ${STAGE_PLUGINS}/ - ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/slack/notification-slack ${STAGE_PLUGINS}/ - ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/splunk/notification-splunk ${STAGE_PLUGINS}/ + ${INSTALL_PROGRAM} ${WRKDIR}/bin/notification-email ${STAGE_PLUGINS}/ + ${INSTALL_PROGRAM} ${WRKDIR}/bin/notification-http ${STAGE_PLUGINS}/ + ${INSTALL_PROGRAM} ${WRKDIR}/bin/notification-sentinel ${STAGE_PLUGINS}/ + ${INSTALL_PROGRAM} ${WRKDIR}/bin/notification-slack ${STAGE_PLUGINS}/ + ${INSTALL_PROGRAM} ${WRKDIR}/bin/notification-splunk ${STAGE_PLUGINS}/ # # Configuration # @${MKDIR} ${STAGEDIR}${ETCDIR} @(cd ${WRKSRC}/config && ${COPYTREE_SHARE} . 
${STAGEDIR}${ETCDIR}) @${MV} ${STAGEDIR}${ETCDIR}/acquis.yaml \ ${STAGEDIR}${ETCDIR}/acquis.yaml.sample @${MV} ${STAGEDIR}${ETCDIR}/config.yaml \ ${STAGEDIR}${ETCDIR}/config.yaml.sample @${MV} ${STAGEDIR}${ETCDIR}/console.yaml \ ${STAGEDIR}${ETCDIR}/console.yaml.sample @${MV} ${STAGEDIR}${ETCDIR}/profiles.yaml \ ${STAGEDIR}${ETCDIR}/profiles.yaml.sample # managed by "cscli simulation" @${MV} ${STAGEDIR}${ETCDIR}/simulation.yaml \ ${STAGEDIR}${ETCDIR}/simulation.yaml.sample # # Plugin configuration # @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/email - @${MV} ${WRKSRC}/plugins/notifications/email/email.yaml \ + @${MV} ${WRKSRC}/cmd/notification-email/email.yaml \ ${STAGEDIR}${ETCDIR}/notifications/email.yaml.sample @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/http - @${MV} ${WRKSRC}/plugins/notifications/http/http.yaml \ + @${MV} ${WRKSRC}/cmd/notification-http/http.yaml \ ${STAGEDIR}${ETCDIR}/notifications/http.yaml.sample + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/sentinel + @${MV} ${WRKSRC}/cmd/notification-sentinel/sentinel.yaml \ + ${STAGEDIR}${ETCDIR}/notifications/sentinel.yaml.sample + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/slack - @${MV} ${WRKSRC}/plugins/notifications/slack/slack.yaml \ + @${MV} ${WRKSRC}/cmd/notification-slack/slack.yaml \ ${STAGEDIR}${ETCDIR}/notifications/slack.yaml.sample @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/splunk - @${MV} ${WRKSRC}/plugins/notifications/splunk/splunk.yaml \ + @${MV} ${WRKSRC}/cmd/notification-splunk/splunk.yaml \ ${STAGEDIR}${ETCDIR}/notifications/splunk.yaml.sample # updated by "cscli machines" at first service start @${MV} ${STAGEDIR}${ETCDIR}/local_api_credentials.yaml \ ${STAGEDIR}${ETCDIR}/local_api_credentials.yaml.sample # updated by "cscli capi" at first service start @${MV} ${STAGEDIR}${ETCDIR}/online_api_credentials.yaml \ ${STAGEDIR}${ETCDIR}/online_api_credentials.yaml.sample # # Data # @${MKDIR} ${STAGEDIR}${ETCDIR}/hub @${MKDIR} 
${STAGEDIR}/var/db/crowdsec/data # # Cron # @${MKDIR} ${STAGEDIR}${PREFIX}/libexec/crowdsec ${INSTALL_DATA} ${WRKDIR}/upgrade-hub \ ${STAGEDIR}${PREFIX}/libexec/crowdsec/upgrade-hub # # Cleanup # @${RM} ${STAGEDIR}${ETCDIR}/acquis_win.yaml @${RM} ${STAGEDIR}${ETCDIR}/config_win_no_lapi.yaml @${RM} ${STAGEDIR}${ETCDIR}/config_win.yaml @${RM} ${STAGEDIR}${ETCDIR}/crowdsec.cron.daily @${RM} ${STAGEDIR}${ETCDIR}/crowdsec.service @${RM} ${STAGEDIR}${ETCDIR}/dev.yaml @${RM} ${STAGEDIR}${ETCDIR}/user.yaml @${RM} ${STAGEDIR}${ETCDIR}/detect.yaml @${RM} ${STAGEDIR}${ETCDIR}/context.yaml @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/email @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/http + @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/sentinel @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/slack @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/splunk post-install: @${MKDIR} ${STAGEDIR}${PREFIX}/etc/cron.d ${INSTALL_DATA} ${WRKDIR}/crowdsec.cron ${STAGEDIR}${PREFIX}/etc/cron.d/crowdsec .include
diff --git a/security/crowdsec/distinfo b/security/crowdsec/distinfo
index 5da1501580be..112a4b04660a 100644
--- a/security/crowdsec/distinfo
+++ b/security/crowdsec/distinfo
@@ -1,3 +1,5 @@
-TIMESTAMP = 1684323254
-SHA256 (crowdsecurity-crowdsec-v1.5.1-freebsd_GH0.tar.gz) = b00ba881d4691ac122d03d1b23ebc2ef2513e42392d628f0c5381b00f07d0996
-SIZE (crowdsecurity-crowdsec-v1.5.1-freebsd_GH0.tar.gz) = 23803699
+TIMESTAMP = 1695208926
+SHA256 (go/security_crowdsec/crowdsec-v1.5.4/v1.5.4.mod) = b4d34c91a97d103a5fb6b4bac159a861af0d9851e43c824f33eefe66cd009a97
+SIZE (go/security_crowdsec/crowdsec-v1.5.4/v1.5.4.mod) = 9499
+SHA256 (go/security_crowdsec/crowdsec-v1.5.4/v1.5.4.zip) = d0419bc5de391784327e898e0f1dca215742c184f32b6de3a6dc87e839758191
+SIZE (go/security_crowdsec/crowdsec-v1.5.4/v1.5.4.zip) = 1340437
diff --git a/security/crowdsec/files/crowdsec.in b/security/crowdsec/files/crowdsec.in
index a63e7ca47da9..e84eeacf57e4 100644
--- a/security/crowdsec/files/crowdsec.in
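Review bot: In the Makefile hunk, `_BUILD_DATE= $$(date -u "+%F_%T")` stamps the wall-clock build time into the binaries through the `version.BuildDate` entry of `-ldflags` in `GO_BUILDFLAGS`, so two builds of the same distfile never produce identical output and the package cannot be checked by rebuilding it, which undercuts the `-trimpath` added on the same line. A value fixed by the release would avoid that, for example one derived from the distinfo `TIMESTAMP`: `_BUILD_DATE= $$(date -u -r "$$(awk '/^TIMESTAMP/ {print $$3}' ${DISTINFO_FILE})" "+%F_%T")` (an untested sketch; the nested quoting inside `-ldflags="..."` needs checking). `_COMMIT= e4dcdd25` is likewise maintained by hand next to `DISTVERSION` with nothing on the page tying the two together, so a comment such as `# _COMMIT must match the upstream tag for DISTVERSION; update both together` would help the next version bump.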
+++ b/security/crowdsec/files/crowdsec.in 
@@ -1,85 +1,125 @@ #!/bin/sh # PROVIDE: crowdsec # BEFORE: crowdsec_firewall # REQUIRE: LOGIN DAEMON NETWORKING # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf # to enable this service: # # crowdsec_enable (bool): Set it to YES to enable crowdsec agent. # Default is "NO". # crowdsec_config (str): Set the agent config path. # Default is "%%PREFIX%%/etc/crowdsec/config.yaml". -# crowdsec_flags (str): Set the extra flags to run agent. +# crowdsec_machine_name (str): Name for the crowdsec instance when it's running its own lapi. +# Default is "localhost". +# crowdsec_flags (str): Set the extra flags to run the agent. # Default is "" . /etc/rc.subr name=crowdsec desc="Crowdsec Agent" rcvar=crowdsec_enable -load_rc_config $name +load_rc_config "$name" : "${crowdsec_enable:=NO}" : "${crowdsec_config:=%%PREFIX%%/etc/crowdsec/config.yaml}" +: "${crowdsec_machine_name:=localhost}" : "${crowdsec_flags:=}" pidfile=/var/run/${name}.pid required_files="$crowdsec_config" command="%%PREFIX%%/bin/${name}" start_cmd="${name}_start" +stop_cmd="${name}_stop" start_precmd="${name}_precmd" configtest_cmd="${name}_configtest" extra_commands="configtest reload" crowdsec_precmd() { cs_cli() { "%%PREFIX%%/bin/cscli" -c "${crowdsec_config}" "$@" } Config() { cs_cli config show --key "Config.$1" } HUB_DIR=$(Config ConfigPaths.HubDir) if ! ls -1qA "$HUB_DIR"/* >/dev/null 2>&1; then echo "Fetching hub inventory" cs_cli hub update || : fi - if [ "$(cs_cli machines list -o json)" = "[]" ]; then - echo "Registering LAPI" - cs_cli machines add --auto || : - fi - CONFIG_DIR=$(Config ConfigPaths.ConfigDir) - if [ ! -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then - echo "Registering CAPI" - cs_cli capi register || : + + # Is the LAPI enabled on this node? 
+ if [ "$(cs_cli config show --key Config.API.Server.Enable)" != "false" ]; then + + # There are no machines, we create the main one + if [ "$(cs_cli machines list -o json)" = "[]" ]; then + echo "Registering LAPI" + cs_cli machines add "${crowdsec_machine_name}" --auto || : + fi + + # Register to the central server to receive the community blocklist and more + if [ ! -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then + echo "Registering CAPI" + cs_cli capi register || : + fi + fi # This would work but takes 30secs to timeout while reading the metrics, because crowdsec is not running yet. # cs_cli collections inspect crowdsecurity/freebsd 2>/dev/null | grep ^installed | grep -q true || \ # cs_cli collections install crowdsecurity/freebsd || : # So we just check for the file if [ ! -e "${CONFIG_DIR}/collections/freebsd.yaml" ]; then cs_cli collections install crowdsecurity/freebsd || : fi } +crowdsec_stop() +{ + if [ ! -f "$pidfile" ]; then + echo "${name} is not running." + return + fi + pid=$(cat "$pidfile") + if kill -0 "$pid" >/dev/null 2>&1; then + echo "Stopping ${name}." + kill -s TERM "$pid" >/dev/null 2>&1 + # shellcheck disable=SC2034 + for i in $(seq 1 20); do + sleep 1 + if ! kill -0 "$pid" >/dev/null 2>&1; then + rm -f "$pidfile" + return + fi + done + echo "Timeout, terminating ${name} with SIGKILL." + kill -s KILL "$pid" >/dev/null 2>&1 + rm -f "$pidfile" + else + echo "${name} is not running." + fi +} + crowdsec_start() { - /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \ - ${command} -c "${crowdsec_config}" ${crowdsec_flags} + /usr/sbin/daemon -f -p "$pidfile" -t "$desc" -- \ + "$command" -c "$crowdsec_config" ${crowdsec_flags} } crowdsec_configtest() { echo "Performing sanity check on ${name} configuration." - eval ${command} -c ${crowdsec_config} -t + if "$command" -c "$crowdsec_config" -t -error; then + echo "Configuration test OK" + fi } run_rc_command "$1" 
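Review bot: `crowdsec_configtest` now returns 0 even when the check fails, because an `if` with a false condition and no `else` exits with status 0 and it is the function's last command, whereas the removed `eval` line passed the binary's status through. Anything that gates a restart on `service crowdsec configtest` would then carry on with a configuration the agent rejects; `"$command" -c "$crowdsec_config" -t -error || return 1` followed by the plain `echo "Configuration test OK"` keeps both the message and the status. In the new `crowdsec_stop`, the PID read with `cat "$pidfile"` is sent TERM and then KILL without any check that it still belongs to crowdsec, so a stale pidfile could hit an unrelated process; rc.subr's helper performs that check, e.g. `pid=$(check_pidfile "$pidfile" "$command")` with an empty result treated as not running (worth confirming the process name matches under daemon(8)). `pid` and `i` are also left as globals in that function.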
diff --git a/security/crowdsec/files/pkg-message.in b/security/crowdsec/files/pkg-message.in index 2fa6c08f4b30..b9812a0ed154 100644 --- a/security/crowdsec/files/pkg-message.in +++ b/security/crowdsec/files/pkg-message.in @@ -1,20 +1,28 @@ [ { type: install message: < YES # service crowdsec start +---------- + EOM } ] diff --git a/security/crowdsec/files/upgrade-hub.in b/security/crowdsec/files/upgrade-hub.in index 450dc8af96cc..27faaf3f598b 100644 --- a/security/crowdsec/files/upgrade-hub.in +++ b/security/crowdsec/files/upgrade-hub.in @@ -1,17 +1,17 @@ #!/bin/sh test -x /usr/local/bin/cscli || exit 0 # favor the opnsense plugin's cron if it's there test -e /usr/local/etc/cron.d/oscrowdsec.cron && exit 0 -/usr/local/bin/cscli --error hub update +/usr/local/bin/cscli --error -o human hub update -upgraded=$(/usr/local/bin/cscli --error hub upgrade) +upgraded=$(/usr/local/bin/cscli --error -o human hub upgrade) if [ -n "$upgraded" ]; then # splay initial metrics push - sleep $(jot -r 1 1 60) - service crowdsec reload + sleep "$(jot -r 1 1 60)" + service crowdsec onestatus && service crowdsec reload fi exit 0 diff --git a/security/crowdsec/pkg-plist b/security/crowdsec/pkg-plist index 3e3566388844..dd1afd08742f 100644 --- a/security/crowdsec/pkg-plist +++ b/security/crowdsec/pkg-plist 
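Review bot: In the upgrade-hub.in hunk, `service crowdsec onestatus` prints its "is running as pid" or "is not running" line to stdout, so this cron job will emit output, and usually a cron mail, every time the hub was upgraded. If the call is only meant as a guard, `service crowdsec onestatus >/dev/null 2>&1 && service crowdsec reload` keeps the job quiet. The reload is still decided by whether `hub upgrade` printed anything, which now relies on the `-o human` output being empty when nothing changed; a one-line comment stating that assumption would make the dependency visible.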
@@ -1,51 +1,53 @@ @mode 0755 bin/crowdsec bin/cscli bin/crowdsec-cli libexec/crowdsec/upgrade-hub @mode 0600 @sample %%ETCDIR%%/config.yaml.sample @sample %%ETCDIR%%/local_api_credentials.yaml.sample @sample %%ETCDIR%%/online_api_credentials.yaml.sample @sample %%ETCDIR%%/notifications/email.yaml.sample @sample %%ETCDIR%%/notifications/http.yaml.sample +@sample %%ETCDIR%%/notifications/sentinel.yaml.sample @sample %%ETCDIR%%/notifications/slack.yaml.sample @sample %%ETCDIR%%/notifications/splunk.yaml.sample @mode 0644 @sample %%ETCDIR%%/acquis.yaml.sample @sample %%ETCDIR%%/console.yaml.sample @sample %%ETCDIR%%/profiles.yaml.sample @sample %%ETCDIR%%/simulation.yaml.sample %%ETCDIR%%/patterns/aws %%ETCDIR%%/patterns/bacula %%ETCDIR%%/patterns/bro %%ETCDIR%%/patterns/cowrie_honeypot %%ETCDIR%%/patterns/exim %%ETCDIR%%/patterns/firewalls %%ETCDIR%%/patterns/haproxy %%ETCDIR%%/patterns/java %%ETCDIR%%/patterns/junos %%ETCDIR%%/patterns/linux-syslog %%ETCDIR%%/patterns/mcollective %%ETCDIR%%/patterns/modsecurity %%ETCDIR%%/patterns/mongodb %%ETCDIR%%/patterns/mysql %%ETCDIR%%/patterns/nagios %%ETCDIR%%/patterns/nginx %%ETCDIR%%/patterns/paths %%ETCDIR%%/patterns/postgresql %%ETCDIR%%/patterns/rails %%ETCDIR%%/patterns/redis %%ETCDIR%%/patterns/ruby %%ETCDIR%%/patterns/smb %%ETCDIR%%/patterns/ssh %%ETCDIR%%/patterns/tcpdump etc/cron.d/crowdsec @mode 0755 lib/crowdsec/plugins/notification-email lib/crowdsec/plugins/notification-http +lib/crowdsec/plugins/notification-sentinel lib/crowdsec/plugins/notification-slack lib/crowdsec/plugins/notification-splunk @dir %%ETCDIR%%/hub @dir /var/db/crowdsec/data @dir /var/db/crowdsec