[Bro] SSH Geodata Lookup Failures in 2.5

Seth Hall seth at icir.org
Wed Dec 14 06:35:39 PST 2016


> On Dec 12, 2016, at 4:28 PM, Jason Holmes <jholmes at psu.edu> wrote:
> 
> Bro version, auth_success, country_code logged, country_code not logged
> -----------------------------------------------------------------------
> 2.4-709, T,  22169,    26
> 2.4-709, F, 167400,    10
> 2.5,     T,      0, 23120
> 2.5,     F, 247183,    16
> 
> Can anyone confirm that they are also seeing this behavior?  I.e., that 
> with 2.5 there is no geodata for successful SSH connections?

I'm curious if you have Bro built against libGeoIP correctly?  What you are seeing would indicate to me that it isn't.  It's also possible that you don't have the geoip database installed.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
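
Added example, not part of either message in this thread: a small Python tally that reproduces the table in the quoted question from an ssh.log in Bro's tab-separated format, so the two builds can be compared on the same traffic. The column names `auth_success` and `remote_location.country_code` are assumed to match the ssh.log header, and the sample rows are constructed.

```python
from collections import Counter

# Constructed sample in Bro's tab-separated log layout (not real traffic).
SAMPLE_SSH_LOG = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#fields\tts\tuid\tauth_success\tremote_location.country_code",
    "#types\ttime\tstring\tbool\tstring",
    "1481500000.0\tCaaa\tT\t-",
    "1481500001.0\tCbbb\tF\tUS",
    "1481500002.0\tCccc\tF\tDE",
    "1481500003.0\tCddd\tT\t-",
    "1481500004.0\tCeee\t-\t-",
    "#close\t2016-12-12-00-00-00",
]) + "\n"


def tally_geodata(lines, cc_field="remote_location.country_code"):
    """Count ssh.log rows per auth_success value, split by whether a
    country code was logged. Returns {auth_success: Counter}."""
    fields, unset = None, "-"
    counts = {}
    for raw in lines:
        line = raw.rstrip("\n")
        if line.startswith("#"):
            # Header lines: pick up the column names and the unset marker.
            parts = line.split("\t")
            if parts[0] == "#fields":
                fields = parts[1:]
            elif parts[0] == "#unset_field" and len(parts) > 1:
                unset = parts[1]
            continue
        if not line or fields is None:
            continue
        row = dict(zip(fields, line.split("\t")))
        auth = row.get(auth_field := "auth_success", unset)
        # A missing column counts as "not logged", same as an unset value.
        has_cc = row.get(cc_field, unset) not in (unset, "(empty)", "")
        counts.setdefault(auth, Counter())["logged" if has_cc else "not_logged"] += 1
    return counts


if __name__ == "__main__":
    for auth, c in sorted(tally_geodata(SAMPLE_SSH_LOG.splitlines()).items()):
        print(auth, c["logged"], c["not_logged"])
```

To run it on a real log, pass an open file object for ssh.log to `tally_geodata` in place of the sample lines.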
