[Bro-Dev] #538: lookup_location() should handle missing database gracefully.

Bro Tracker bro at tracker.bro-ids.org
Thu Aug 4 19:16:22 PDT 2011


#538: lookup_location() should handle missing database gracefully.
---------------------+------------------------
 Reporter:  gregor   |      Owner:
     Type:  Problem  |     Status:  new
 Priority:  Normal   |  Milestone:  Bro1.6
Component:  Bro      |    Version:  git/master
 Keywords:           |
---------------------+------------------------
 If the city level GeoIP database isn't found lookup_location() prints
 error message on stderr. Some of these appear to come from libgeoip
 itself.

 Missing databases should be handled more gracefully.

 {{{
 Error Opening file /usr/local/share/GeoIP/GeoIPCity.dat
 1312300855.632467 error in /home/gregor/projects/bro-
 master/policy/protocols/ssh/base.bro, line 123: can't initialize GeoIP
 City database.. trying Country version (lookup_location(SSH::c$id$orig_h))
 }}}

 The first one is probably from libgeoip. We should try to prevent libgeoip
 from priting stuff on stderr....

 It appears that lookup_location() has a fallback for using the country
 database if the city database isn't found. In my case opening the country
 DB worked, but queries against it didn't. Error messages on stderr
 presumably from libgeoip:

 {{{
 Invalid database type GeoIP Country Edition, expected GeoIP City Edition,
 Rev 1
 Invalid database type GeoIP Country Edition, expected GeoIP City Edition,
 Rev 1
 Invalid database type GeoIP Country Edition, expected GeoIP City Edition,
 Rev 1
 [tons more of those]
 }}}

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/538>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker



More information about the bro-dev mailing list