Also related to geoip lookups, it might be worth adding to the
documentation that this is for geoip 1 not geoip2. I just googled "mindmax
free geoip database" and download the free geoip2 database (not know there
was a geoip1). When I fire up pmacct pointing to the geoip2 database it
seg faults in a hurry:
Program received signal SIGSEGV, Segmentation fault.
INFO ( 10.1.1.205-9996/nfprobe ): Exporting flows to [10.1.1.205]:9996
0x77f5d7b0 in _GeoIP_seek_record () from /usr/lib/libGeoIP.so.1
(gdb) where
#0 0x77f5d7b0 in _GeoIP_seek_record () from /usr/lib/libGeoIP.so.1
#1 0x77f5e03c in GeoIP_id_by_ipnum () from /usr/lib/libGeoIP.so.1
#2 0x00425300 in src_host_country_handler (chptr=<value optimized out>,
pptrs=0x7fff3c90, data=<value optimized out>) at pkt_handlers.c:4008
#3 0x0041c388 in exec_plugins (pptrs=0x7fff3c90) at plugin_hooks.c:252
#4 0x004581c8 in pcap_cb (user=0x7fff3ee8 "", pkthdr=<value optimized
out>, buf=<value optimized out>) at nl.c:80
#5 0x004137e0 in main (argc=3, argv=0x7fff68f4, envp=0x7fff6904) at
uacctd.c:830
Of course using the right database solves that crash.
On Fri, Feb 21, 2014 at 5:04 PM, Stig Thormodsrud <sthor...@gmail.com>wrote:
>
> I noticed when using geoip and json output that the country_ip_src was
> displayed but not the country_ip_dst. This patch seems to fix it:
>
> diff --git a/src/pmacct.c b/src/pmacct.c
> index d62ba44..b29c7a3 100644
> --- a/src/pmacct.c
> +++ b/src/pmacct.c
> @@ -2996,7 +2996,7 @@ char *pmc_compose_json(u_int64_t wtc, u_int64_t
> wtc_2, u_int8_t flow_type, struc
> json_decref(kv);
> }
>
> - if (wtc & COUNT_DST_HOST_COUNTRY) {
> + if (wtc_2 & COUNT_DST_HOST_COUNTRY) {
> if (pbase->dst_ip_country > 0)
> kv = json_pack("{ss}", "country_ip_dst",
> GeoIP_code_by_id(pbase->dst_ip_country));
> else
>
>
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
