[Bro] problems with geo scripts in phirelight repository
Azoff, Justin S
jazoff at illinois.edu
Wed Jul 27 12:05:35 PDT 2016
> Begin forwarded message:
> From: philosnef <philosnef at yahoo.com>
> Subject: Re: [Bro] problems with geo scripts in phirelight repository
> Date: July 27, 2016 at 3:00:31 PM EDT
> To: "Azoff, Justin S" <jazoff at illinois.edu>
> Reply-To: philosnef <philosnef at yahoo.com>
> From my original message:
> The loaded_scripts.log says the add-X-conn.bro scripts are loaded.
> All the add scripts are already loaded, or loaded_scripts.log from the log directory would not say so?
Oh, derp. I can read.. really.. :-)
When you say "conn.log is not showing any country information" do you have the new columns?
add-country-conn.bro adds an "orig_country" and "resp_country" column. Do you have those 2 columns but they are blank, or do you not even have those columns?
If you don't have the columns at all that would be very odd. If you have them but they are all blank, that would point to an issue with the geoip bindings or databases.
- Justin Azoff
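
The three cases distinguished in the message above (columns absent, columns present but blank, columns populated), as an added example that is not part of the original message or of the phirelight scripts. It assumes Bro's default tab-separated ASCII log format; the function name and the sample log lines are constructed for illustration.

```python
# Added example: classify a Bro ASCII conn.log by the state of the two
# columns the message says add-country-conn.bro adds.
COUNTRY_FIELDS = ("orig_country", "resp_country")

def check_country_columns(lines):
    """Return 'no-header', 'columns-missing', 'no-rows',
    'columns-blank' or 'columns-populated'."""
    fields = None
    blanks = {"-", "(empty)", ""}  # Bro defaults; header values are added below
    rows = filled = 0
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#"):
            key, _, rest = line.partition("\t")
            if key == "#fields":
                fields = rest.split("\t")
            elif key in ("#unset_field", "#empty_field"):
                blanks.add(rest)
            continue
        if not line or fields is None:
            continue
        if not all(name in fields for name in COUNTRY_FIELDS):
            return "columns-missing"  # script is not extending conn.log at all
        record = dict(zip(fields, line.split("\t")))
        rows += 1
        if any(record.get(n, "-") not in blanks for n in COUNTRY_FIELDS):
            filled += 1
    if fields is None:
        return "no-header"
    if not all(name in fields for name in COUNTRY_FIELDS):
        return "columns-missing"
    if rows == 0:
        return "no-rows"
    # All rows blank points at the GeoIP bindings or databases.
    return "columns-populated" if filled else "columns-blank"

# Constructed sample logs (documentation-range addresses, made-up uid).
_BASE = ["#separator \\x09", "#unset_field\t-", "#path\tconn"]
_F = "#fields\tts\tuid\tid.orig_h\tid.resp_h"
_ROW = "1469646335.0\tC1\t192.0.2.1\t198.51.100.7"
SAMPLE_MISSING = _BASE + [_F, _ROW]
SAMPLE_BLANK = _BASE + [_F + "\torig_country\tresp_country", _ROW + "\t-\t-"]
SAMPLE_OK = _BASE + [_F + "\torig_country\tresp_country", _ROW + "\t-\tUS"]

if __name__ == "__main__":
    for name, log in [("missing", SAMPLE_MISSING), ("blank", SAMPLE_BLANK),
                      ("ok", SAMPLE_OK)]:
        print(name, "->", check_country_columns(log))
```

To run it against a real log, pass an open file handle: `check_country_columns(open("conn.log"))`.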