Page 1 of 1
Mapping IP's
Posted: Tue Dec 09, 2014 5:49 pm
by 34Bearman
I have my IP's from my firewall logs in NagiosLS. Having trouble getting them to show up in a map. Do I need to create another field and filter to geoIP them to get them into a map? Any help would be appreciated.
Re: Mapping IP's
Posted: Tue Dec 09, 2014 5:55 pm
by slansing
Re: Mapping IP's
Posted: Tue Dec 09, 2014 6:03 pm
by Box293
Have a look at this dashboard.
http://exchange.nagios.org/directory/Ad ... rd/details
The following note is probably the key to it all:
"requires the following filter:"
Code: Select all
if [program] == 'apache_access' {
geoip {
source => 'clientip'
}
}
Re: Mapping IP's
Posted: Wed Dec 10, 2014 9:27 am
by 34Bearman
I modified my config in Global Configuration. Instead of including the geoip code in the filter that parses the firewall logs I created a new filter. The new filter just contains the GeoIP code like above. It now works! Code below:
if [type] == "CiscoFW" {
geoip {
source => 'src_ip'
}
}
I'm seeing _grokparsefailure on some of the Cisco FW logs so I suspect that could be part of the issue.
Please lock the topic.
Locked