MaxMind GeoIP support in 3.0.8.2
Kevin Branch
kevin at branchnetconsulting.com
Fri Sep 28 13:59:48 EDT 2018
Hi Carter,
I was just trying today to make ralabel on argus 3.0.8.2 do GeoIP labeling
with GeoIPCity.dat, but even though the file referred to in ralabel.conf
for that purpose exists, no GeoIP labeling takes place. ASN lookups work
great, but ralabel never adds any scity or dcity fields.
My ralabel.conf:
RALABEL_ARIN_COUNTRY_CODES=no
RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"
RALABEL_GEOIP_CITY="reg,cco"
RALABEL_GEOIP_CITY_FILE="/usr/local/share/GeoIP/GeoIPCity.dat"
No errors are thrown by ralabel. I thought maybe I needed to specially
compile in GeoIP support like I read about here:
https://qosient.com/argus/geolocation.shtml
but when I run "./configure --with-GeoIP=yes" it throws this error:
configure: WARNING: unrecognized options: --with-GeoIP
However, I presume the fact that ASN lookups work means that MaxMind GeoIP
support libraries are already installed, and presumably installed by
default in the latest argus now.
# ra -r /argus/today/unt-01.arg -w - | ralabel -f /etc/ralabel.conf -r - -s sas,das,scity,dcity,icity | head -n20
sAS dAS
4323
4323
4323
22927 4323
6582 4323
7018 4323
4323 3
4323
4323 15169
4323
4323
4323 15169
4323 21928
2828 4323
Any thoughts on what I am missing or how I might further debug this issue?
Thanks!
Kevin