Sure :)
It is unchanged, I think; on my other manual installation with more or less
productive traffic it looks the same. But here is a screenshot from the VM:
<https://lh3.googleusercontent.com/-1YoS84W8Z8I/Vv5rySuqBoI/AAAAAAAAAAw/91sof8Iy5fUWuiRgoSppAFvb66rq4qkZQ/s1600/config.png>
On Friday, 1 April 2016 at 14:31:50 UTC+2, Edmundo Alvarez wrote:
>
> It looks like it's running before extractors in your Graylog instance.
> Could you please share with us your "Message Processors Configuration" in
> System -> Configurations?
>
> Edmundo
>
> > On 01 Apr 2016, at 13:36, Micha - <[email protected]> wrote:
> >
> > Hi Edmundo,
> >
> > Thanks for your reply - but then I guess it should work, since I already
> > have an extractor and a field (client_ip) with only the IP address - but
> > it doesn't.
> >
> > Seems still to me like it only resolves the sender Address, hmrpf
> >
> > On Friday, 1 April 2016 at 13:10:19 UTC+2, Edmundo Alvarez wrote:
> > Hi Michael,
> >
> > The Geo-location resolver looks for IPs in all fields that _only_
> > contain an IP address. That means, you need to extract the IP to its own
> > field (using an extractor or sending logs with something like GELF), to
> > make the geo-location work.
> >
> > The description text is unfortunately outdated, but will take care of
> > fixing it for the next release.
> >
> > I hope that helps.
> >
> > Regards,
> > Edmundo
> >
> > > On 01 Apr 2016, at 09:55, [email protected] wrote:
> > >
> > > Hi,
> > >
> > > Maybe I missed something somewhere, but it looks to me like
> > > Geo-Location Processor only tries to resolve the sender address of the
> > > message, and not any fields like stated in the description
> > >
> > > "scans all fields of every message for IPv4 addresses"
> > >
> > >
> > > On a graylog-beta-2.0.0-beta.1-1.ova I just enabled the Plugin under
> > > configuration and added the DB file from Maxmind.
> > >
> > > Graylog Settings:
> > >
> > > Geo-Location Processor
> > >
> > > If enabled, the GeoIP processor plugin scans all fields of every
> > > message for IPv4 addresses and puts the location information into a field
> > > named fieldname_geolocation where "fieldname" is the name of the field in
> > > which an IP address has been found.
> > >
> > > Enabled: yes
> > > Database type: City database
> > > Database path: /etc/graylog/GeoLite2-City.mmdb
> > >
> > > root@graylog-beta:~# ll /etc/graylog/GeoLite2-City.mmdb
> > > -rw-rw-r-- 1 root root 36745923 Mar 29 08:05 /etc/graylog/GeoLite2-City.mmdb
> > >
> > >
> > > When I send a sample msg line into Graylog:
> > > root@graylog-beta:~# echo '8.8.8.8 - test message' | ncat -w1 -u 127.0.0.1 51
> > >
> > > With Subsystem Indexer Logging set to Debug I get this:
> > > 2016-04-01_07:21:22.17052 2016-04-01 07:21:22,159 DEBUG: org.graylog.plugins.map.geoip.GeoIpResolverEngine - Could not get location from IP 127.0.0.1
> > > 2016-04-01_07:21:22.17079 com.maxmind.geoip2.exception.AddressNotFoundException: The address 127.0.0.1 is not in the database.
> > > 2016-04-01_07:21:22.17149 at com.maxmind.geoip2.DatabaseReader.get(DatabaseReader.java:161) ~[graylog-plugin-map-widget-1.0.0-beta.1.jar:?]
> > > 2016-04-01_07:21:22.17230 at com.maxmind.geoip2.DatabaseReader.city(DatabaseReader.java:217) ~[graylog-plugin-map-widget-1.0.0-beta.1.jar:?]
> > > 2016-04-01_07:21:22.17284 at org.graylog.plugins.map.geoip.GeoIpResolverEngine.extractGeoLocationInformation(GeoIpResolverEngine.java:100) [graylog-plugin-map-widget-1.0.0-beta.1.jar:?]
> > > 2016-04-01_07:21:22.17429 at org.graylog.plugins.map.geoip.GeoIpResolverEngine.filter(GeoIpResolverEngine.java:74) [graylog-plugin-map-widget-1.0.0-beta.1.jar:?]
> > > 2016-04-01_07:21:22.17572 at org.graylog.plugins.map.geoip.processor.GeoIpProcessor.process(GeoIpProcessor.java:79) [graylog-plugin-map-widget-1.0.0-beta.1.jar:?]
> > > 2016-04-01_07:21:22.17587 at org.graylog2.buffers.processors.ServerProcessBufferProcessor.handleMessage(ServerProcessBufferProcessor.java:56) [graylog.jar:?]
> > > 2016-04-01_07:21:22.17656 at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.dispatchMessage(ProcessBufferProcessor.java:82) [graylog.jar:?]
> > > 2016-04-01_07:21:22.18244 at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:61) [graylog.jar:?]
> > > 2016-04-01_07:21:22.18651 at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:35) [graylog.jar:?]
> > > 2016-04-01_07:21:22.18660 at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:139) [graylog.jar:?]
> > > 2016-04-01_07:21:22.18663 at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
> > > 2016-04-01_07:21:22.18665 at java.lang.Thread.run(Thread.java:745) [?:1.8.0_74]
> > >
> > > Regards
> > > Micha
> > >
> > >
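
A simplified model of the behaviour discussed in this thread, added here as an example and not taken from Graylog's code: a geo-location step that only resolves fields consisting entirely of an IP address, run before and after an extractor that creates `client_ip`. The `GEO_DB` table, its coordinates, the extractor regex and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed stand-in for the MaxMind City database (illustrative values).
GEO_DB = {"8.8.8.8": "37.751,-97.822"}

def is_bare_ip(value):
    """True only when the whole field value is an IP address."""
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False

def geoip_processor(msg):
    """Add <field>_geolocation for every field that holds nothing but an IP."""
    for name, value in list(msg.items()):
        if name.endswith("_geolocation") or not isinstance(value, str):
            continue
        if not is_bare_ip(value):
            continue  # '8.8.8.8 - test message' is skipped here
        location = GEO_DB.get(value.strip())
        if location is not None:  # loopback/private IPs are not in the DB
            msg[name + "_geolocation"] = location
    return msg

def client_ip_extractor(msg):
    """Hypothetical extractor: copy a leading IPv4 address into client_ip."""
    m = re.match(r"(\d{1,3}(?:\.\d{1,3}){3})\b", msg.get("message", ""))
    if m and is_bare_ip(m.group(1)):
        msg["client_ip"] = m.group(1)
    return msg

def run(processors):
    # Constructed sample: the test line from the thread, sent from localhost.
    msg = {"message": "8.8.8.8 - test message", "source": "127.0.0.1"}
    for step in processors:
        msg = step(msg)
    return msg

# Geo step first: client_ip does not exist yet, only 127.0.0.1 is looked up.
geo_first = run([geoip_processor, client_ip_extractor])
# Extractor first: client_ip is a bare IP by the time the geo step runs.
extract_first = run([client_ip_extractor, geoip_processor])
```

In the first ordering the only bare-IP field the geo step sees is the sender address, which matches the `127.0.0.1` lookup in the debug log above.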