[Bro] ASN Lookups

Dave Crawford bro at pingtrip.com
Fri Mar 10 13:01:33 PST 2017

Ahh yes, there is an error:

Reporter::ERROR Can't open GeoIP ASNUM database: /usr/share/GeoIP/GeoIPASNum.dat (lookup_asn(c$id$orig_h)) 

But the permissions look correct:

$ ls -l /usr/share/GeoIP/GeoIPASNum.dat
-rw-r--r-- 1 dcrawford dcrawford 4361995 Mar  6 10:14 /usr/share/GeoIP/GeoIPASNum.dat

Perhaps I grabbed the wrong version of the MaxMind ASN DB? This is the one I installed:

http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz

> On Mar 10, 2017, at 3:52 PM, Seth Hall <seth at corelight.com> wrote:
> Your script looks fine to me.  Is it possible you’re seeing messages like "Can't open GeoIP ASNUM database" in your reporter log?
>  .Seth
