[Bro] problems with geo scripts in phirelight repository

philosnef philosnef at yahoo.com
Wed Jul 27 12:08:51 PDT 2016

Yeah, no new columns at all. I am logging in json format, but they should still show up, right? 

    On Wednesday, July 27, 2016 3:05 PM, "Azoff, Justin S" <jazoff at illinois.edu> wrote:

> Begin forwarded message:
> From: philosnef <philosnef at yahoo.com>
> Subject: Re: [Bro] problems with geo scripts in phirelight repository
> Date: July 27, 2016 at 3:00:31 PM EDT
> To: "Azoff, Justin S" <jazoff at illinois.edu>
> Reply-To: philosnef <philosnef at yahoo.com>
> From my original message:
> The loadled_scripts.log says the add-X-conn.bro scripts are loaded.
> All the add scripts are already loaded, or loaded_scripts.log from the log directory would not say so?

Oh, derp. I can read.. really.. :-)

When you say "conn.log is not showing any country information" do you have the new columns?

add-country-conn.bro adds an "orig_country" and "resp_country" column. Do you have those 2 columns but they are blank, or do you not even have those columns?

If you don't have the columns at all that would be very odd.  If you have them but they are all blank, that would point to an issue with the geoip bindings or  databases.

- Justin Azoff

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160727/03b4611c/attachment.html 

More information about the Bro mailing list