[Bro] problems with geo scripts in phirelight repository
Azoff, Justin S
jazoff at illinois.edu
Wed Jul 27 12:15:22 PDT 2016
> On Jul 27, 2016, at 3:08 PM, philosnef <philosnef at yahoo.com> wrote:
>
> Yeah, no new columns at all. I am logging in json format, but they should still show up, right?
Ah, that complicates things because optional fields are not logged in json format. unlike the TSV logs it doesn't need a fixed column layout, so fields can only show up when needed..
geoip is probably broken for you in general.
I'd try this experiment. Some errors are ok since it tries some fallbacks, but you should get the result in the end:
$ cat test.bro
print lookup_location(8.8.8.8);
$ bro test.bro
Failed to open GeoIP Cityv6 database: /usr/local/var/GeoIP/GeoIPCityv6.dat
Failed to open GeoIPv6 Country database: /usr/local/var/GeoIP/GeoIPv6.dat
error in ./test.bro, line 1: Can't open GeoIPv6 City/Country database (lookup_location(8.8.8.8))
[country_code=US, region=CA, city=Mountain View, latitude=37.386002, longitude=-122.083801]
--
- Justin Azoff
More information about the Bro
mailing list