[Bro] issue with geoip lookups
Nicholas Weaver
nweaver at ICSI.Berkeley.EDU
Fri Oct 5 06:59:39 PDT 2007
On Fri, Oct 05, 2007 at 08:38:01AM -0400, Stephen Smith composed:
> I'm using the GeoIP lookup functionality in 1.3 and everything looks to be
> working fine, except that all the addresses are getting looked up
> "backwards". For example, if Bro looks up the address 64.236.22.63, I will
> get a log entry
>
> Connection to: 64.236.22.63 (Westford, MA, US)
>
> which does not match with the output of a manual lookup with geoiplookup.
>
> However if I run 63.22.236.64 through geoiplookup, I get
>
> GeoIP City Edition, Rev 0: US, MA, Westford
>
> I have confirmed this with several different IPs. I'm running Bro 1.3.2 on
> FreeBSD 6.2 with the ports install of GeoIP 1.4.3. Any suggestions?
This is just simply a print order, (City, region, country) rather than
(country, region, city), I believe. What is the function you are
using to print out the location?
--
Nicholas C. Weaver nweaver at icsi.berkeley.edu
This message has been ROT-13 encrypted twice for higher security.
More information about the Bro
mailing list