[Bro] ASN Lookups
bro at pingtrip.com
Fri Mar 10 16:18:20 PST 2017
Closing the loop on this… totally self-inflicted. I deployed the MaxMind database to the manager but forgot to also deploy to all the sensors.
Everything is working as intended now.
> On Mar 10, 2017, at 4:01 PM, Dave Crawford <bro at pingtrip.com> wrote:
> Ahh yes, there is an error:
> Reporter::ERROR Can't open GeoIP ASNUM database: /usr/share/GeoIP/GeoIPASNum.dat (lookup_asn(c$id$orig_h))
> But the permissions look correct:
> $ ls -l /usr/share/GeoIP/GeoIPASNum.dat
> -rw-r--r-- 1 dcrawford dcrawford 4361995 Mar 6 10:14 /usr/share/GeoIP/GeoIPASNum.dat
> Perhaps I grabbed the wrong version of the MaxMind ASN DB? This is the one I installed:
> http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
>> On Mar 10, 2017, at 3:52 PM, Seth Hall <seth at corelight.com> wrote:
>> Your script looks fine to me. Is it possible you’re seeing messages like “Can't open GeoIP ASNUM database” in your reporter log?