Mapping IP's
Mapping IP's
I have my IP's from my firewall logs in NagiosLS. Having trouble getting them to show up in a map. Do I need to create another field and filter to geoIP them to get them into a map? Any help would be appreciated.
-
slansing
- Posts: 7698
- Joined: Mon Apr 23, 2012 4:28 pm
- Location: Travelling through time and space...
Re: Mapping IP's
You will want to add a filter for this, what do you have so far?:
http://support.nagios.com/forum/viewtop ... 38&t=29761
http://support.nagios.com/forum/viewtop ... 5&p=116078
http://support.nagios.com/forum/viewtop ... 38&t=29761
http://support.nagios.com/forum/viewtop ... 5&p=116078
-
Box293
- Too Basu
- Posts: 5126
- Joined: Sun Feb 07, 2010 10:55 pm
- Location: Deniliquin, Australia
- Contact:
Re: Mapping IP's
Have a look at this dashboard.
http://exchange.nagios.org/directory/Ad ... rd/details
The following note is probably the key to it all:
"requires the following filter:"
http://exchange.nagios.org/directory/Ad ... rd/details
The following note is probably the key to it all:
"requires the following filter:"
Code: Select all
if [program] == 'apache_access' {
geoip {
source => 'clientip'
}
}As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Mapping IP's
I modified my config in Global Configuration. Instead of including the geoip code in the filter that parses the firewall logs I created a new filter. The new filter just contains the GeoIP code like above. It now works! Code below:
if [type] == "CiscoFW" {
geoip {
source => 'src_ip'
}
}
I'm seeing _grokparsefailure on some of the Cisco FW logs so I suspect that could be part of the issue.
Please lock the topic.
Locked
if [type] == "CiscoFW" {
geoip {
source => 'src_ip'
}
}
I'm seeing _grokparsefailure on some of the Cisco FW logs so I suspect that could be part of the issue.
Please lock the topic.
Locked