Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

need help getting geoip up and running

https://support.nagios.com/forum/viewtopic.php?t=37233

Page 1 of 2

need help getting geoip up and running

Posted: Wed Feb 24, 2016 12:02 pm
by benhank
Hey Guys!

Im trying to get this dashboard working:

Code: Select all

https://exchange.nagios.org/directory/Addons/Nagios-Log-Server/Dashboards/Cisco-ASA-VPN-Monitoring/details
but all I get is this:
Capture.PNG
Here is a copy of my setup:

Code: Select all

# 
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Wed, 24 Feb 2016 11:55:32 -0500
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    syslog {
        type => 'syslog'
        port => 514
    }
    syslog {
        type => 'asa'
        port => 6514
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
    file {
        path => '/var/log/logstash/logstash.log'
    }
}
#
# Local inputs
#
#
# Global filters
#
filter {
    if [program] == 'apache_access' {
        grok {
            match => [ 'message', '%{COMBINEDAPACHELOG}']
        }
        date {
            match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z' ]
        }
        mutate {
            replace => [ 'type', 'apache_access' ]
             convert => [ 'bytes', 'integer' ]
             convert => [ 'response', 'integer' ]
        }
    }
     
    if [program] == 'apache_error' {
        grok {
            match => [ 'message', '\[(?<timestamp>%{DAY:day} %{MONTH:month} %{MONTHDAY} %{TIME} %{YEAR})\] \[%{WORD:class}\] \[%{WORD:originator} %{IP:clientip}\] %{GREEDYDATA:errmsg}']
        }
        mutate {
            replace => [ 'type', 'apache_error' ]
        }
    }
    if [type] == 'asa' {
    grok{
    match => ['message', '%{SYSLOG5424PRI}%%{WORD:LogType}-%{INT:LogSeverity}-%{INT:LogMessageNumber}: Group = %{IPORHOST:Group}, Username = %{IPORHOST:username}, IP = %{IP:IPAddress}, Session disconnected. Session Type: %{WORD:SessionType}, Duration: %{CUSTOM1:DurationDays=[0-9]?}%{CUSTOM2=d? ?}%{INT:DurationHours:int}h:%{INT:DurationMinutes:int}m:%{INT:DurationSeconds:int}s, Bytes xmt: %{INT:BytesTransmitted:int}, Bytes rcv: %{INT:BytesReceived:int}, Reason: %{GREEDYDATA:Reason}']
    }
    geoip {
      source => "IPAddress"
    }
    }
}
#
# Local filters
#
#
# Global outputs
#
#
# Local outputs
#
I installed NLS using the VM and I am running the latest version.
I cant figure out what is going wrong.
good yo be back btw =p

Re: need help getting geoip up and running

Posted: Wed Feb 24, 2016 3:02 pm
by jolson
No logs are showing up on that dashboard, meaning that one of the following is happening:

1. Your ASA logs are different than what your filter expects. Could you post an example ASA log of yours please?
2. Your ASA logs are not reaching Nagios Log Server at all - this could be due to firewall problems, logstash problems, etc. Try tail -n100 /var/log/logstash/logstash.log

Could you please provide some of the information above? Thanks!

Jesse

Re: need help getting geoip up and running

Posted: Wed Feb 24, 2016 3:23 pm
by hsmith
Just to add a little on here, I have a dashboard that shows failed login attempts on my VPS, and after struggling with the filter, I realized how easy it is to do a geoIP one:

Code: Select all

if [type] == 'syslog' {
    geoip {
        source => 'ip'
    }
}
In case you ever wanted to make one of your own. That takes anything with a type of 'syslog' that has information in the 'ip' field, and generates a ton of information for it.

Re: need help getting geoip up and running

Posted: Mon Feb 29, 2016 5:30 pm
by benhank
sorry for the delay.

there are a few of them:( sensitive data has been edited)

Code: Select all

Feb 29 13:52:03 ASA-Active %ASA-4-722041: TunnelGroup <HVMA_Domain_Users_Group> GroupPolicy <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> No IPv6 address available for SVC connection
Feb 29 13:52:03 ASA-Active %ASA-5-722033: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> First TCP SVC connection established for SVC session.
Feb 29 13:52:03 ASA-Active %ASA-4-722051: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> IPv4 Address <172.30.240.68> IPv6 address <::> assigned to session
Feb 29 13:52:04 ASA-Active %ASA-5-722033: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> First UDP SVC connection established for SVC session.
Feb 29 13:52:27 ASA-Active %ASA-5-722012: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> SVC Message: 16/NOTICE: The user has requested to disconnect the connection..
Feb 29 13:52:27 ASA-Active %ASA-5-722037: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> SVC closing connection: User Requested.
Feb 29 13:52:27 ASA-Active %ASA-4-113019: Group = HVMA_Domain_Users_Group, Username = testuser, IP = 1.1.1.1, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:45s, Bytes xmt: 378576, Bytes rcv: 229060, Reason: User Requested

Re: need help getting geoip up and running

Posted: Tue Mar 01, 2016 1:50 pm
by ssax
Thanks for posting that, I'm going to lab this up and see what we can do. I'll let you know what I find.

Re: need help getting geoip up and running

Posted: Tue Mar 01, 2016 4:18 pm
by ssax
Here is what I had to do to make the filter work for yours:

Code: Select all

if [type] == 'asa' {
	grok {
		match => ['message', '%{CISCOTIMESTAMP} %{WORD:LogType}-%{WORD:NOTSURE} %%{WORD:LogType}-%{INT:LogSeverity}-%{INT:LogMessageNumber}: Group = %{WORD:Group}, Username = %{WORD:username}, IP = %{IP:IPAddress}, Session disconnected. Session Type: %{WORD:SessionType}-%{WORD:NOTSURE2}, Duration: %{CUSTOM1:DurationDays=[0-9]?}%{CUSTOM2=d?}%{CUSTOM3=:?}%{INT:DurationHours:int}h:%{INT:DurationMinutes:int}m:%{INT:DurationSeconds:int}s, Bytes xmt: %{INT:BytesTransmitted:int}, Bytes rcv: %{INT:BytesReceived:int}, Reason: %{GREEDYDATA:Reason}']
	}
	geoip {
	  source => "IPAddress"
	}
}
These are the ones it matches:

Code: Select all

Feb 29 13:52:27 ASA-Active %ASA-4-113019: Group = HVMA_Domain_Users_Group, Username = testuser, IP = 1.1.1.1, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:45s, Bytes xmt: 378576, Bytes rcv: 229060, Reason: User Requested
Try it out and let me know the results.

Re: need help getting geoip up and running

Posted: Wed Mar 02, 2016 1:28 pm
by benhank
i still get the same results. here is my updated NLS setup:

Code: Select all

if [type] == 'asa' {
   grok {
      match => ['message', '%{CISCOTIMESTAMP} %{WORD:LogType}-%{WORD:NOTSURE} %%{WORD:LogType}-%{INT:LogSeverity}-%{INT:LogMessageNumber}: Group = %{WORD:Group}, Username = %{WORD:username}, IP = %{IP:IPAddress}, Session disconnected. Session Type: %{WORD:SessionType}-%{WORD:NOTSURE2}, Duration: %{CUSTOM1:DurationDays=[0-9]?}%{CUSTOM2=d?}%{CUSTOM3=:?}%{INT:DurationHours:int}h:%{INT:DurationMinutes:int}m:%{INT:DurationSeconds:int}s, Bytes xmt: %{INT:BytesTransmitted:int}, Bytes rcv: %{INT:BytesReceived:int}, Reason: %{GREEDYDATA:Reason}']
   }
   geoip {
     source => "IPAddress"
   }
}
I suspect that I might have to make changes to the dashboard creators file. here it is:

Code: Select all

{
  "title": "VPN_Sessions",
  "edit_type": "global",
  "services": {
    "query": {
      "list": {
        "0": {
          "query": "Reason:(\"Port Error\") or Reason:(\"NAS Error\") or Reason:(\"NAS Request\") or Reason:(\"NAS Reboot\") or Reason:(\"Connection preempted\") or Reason:(\"Port Suspended\") or Reason:(\"Service Unavailable\") or Reason:(\"SA Expired\") or Reason:(\"Bandwidth Management Error\") or Reason:(\"Certificate Expired\") or Reason:(\"Phase 2 Mismatch\") or Reason:(\"Firewall Mismatch\") or Reason:(\"ACL Parse Error\") or Reason:(\"Phase 2 Error\") or Reason:(\"Internal Error\") or Reason:(\"Crypto map policy not found\") or Reason:(\"L2TP initiated\")  or Reason:(\"NAC-Policy Error\") or Reason:(\"Dynamic Access Policy terminate\")  or Reason:(\"Client type not supported\")  or Reason:(\"Unknown\")",
          "alias": "Errors",
          "color": "#BF1B00",
          "id": 0,
          "pin": true,
          "type": "lucene",
          "enable": true
        },
        "1": {
          "id": 1,
          "color": "#7EB26D",
          "alias": "OK Reasons",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"User Requested\") or  Reason:(\"Host Requested\") or Reason:(\"VLAN Mapping Error\")"
        },
        "2": {
          "id": 2,
          "color": "#EF843C",
          "alias": "Warning / Forced",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"Administrator Reset\") or Reason:(\"Administrator Reboot\") or Reason:(\"Administrator Shutdown\") or Reason:(\"User error\") or Reason:(\"IKE Delete\") or Reason:(\"Peer Address Changed\")"
        },
        "3": {
          "id": 3,
          "color": "#64B0C8",
          "alias": "Reconnect /Callback",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"Peer Reconnected\") or Reason:(\"Callback\")"
        },
        "4": {
          "id": 4,
          "color": "#D683CE",
          "alias": "Unexpected",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"Lost Carrier\") or Reason:(\"Lost Service\")"
        },
        "5": {
          "id": 5,
          "color": "#F4D598",
          "alias": "Timeout",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"Idle Timeout\") or Reason:(\"Max time exceeded\") or Reason:(\"Port unneeded\")"
        }
      },
      "ids": [
        0,
        1,
        2,
        3,
        4,
        5
      ]
    },
    "filter": {
      "list": {
        "0": {
          "type": "time",
          "field": "@timestamp",
          "from": "now-24h",
          "to": "now",
          "mandate": "must",
          "active": true,
          "alias": "",
          "id": 0
        },
        "1": {
          "type": "field",
          "field": "_type",
          "query": "\"asa\"",
          "mandate": "must",
          "active": true,
          "alias": "",
          "id": 1
        },
        "2": {
          "type": "field",
          "field": "LogMessageNumber",
          "query": "\"113019\"",
          "mandate": "must",
          "active": true,
          "alias": "",
          "id": 2
        }
      },
      "ids": [
        0,
        1,
        2
      ]
    }
  },
  "rows": [
    {
      "title": "Map",
      "height": "400px",
      "editable": true,
      "collapse": false,
      "collapsable": true,
      "panels": [
        {
          "error": false,
          "span": 6,
          "editable": true,
          "type": "bettermap",
          "loadingEditor": false,
          "field": "geoip.location",
          "size": 1000,
          "spyable": true,
          "tooltip": "username",
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "title": "Location of Clients"
        },
        {
          "error": false,
          "span": 2,
          "editable": true,
          "type": "terms",
          "loadingEditor": false,
          "field": "Reason",
          "exclude": [],
          "missing": true,
          "other": true,
          "size": 10,
          "order": "count",
          "style": {
            "font-size": "10pt"
          },
          "donut": false,
          "tilt": false,
          "labels": true,
          "arrangement": "horizontal",
          "chart": "pie",
          "counter_pos": "none",
          "spyable": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "tmode": "terms",
          "tstat": "total",
          "valuefield": "",
          "title": "Termination Reasons"
        },
        {
          "error": false,
          "span": 2,
          "editable": true,
          "type": "terms",
          "loadingEditor": false,
          "field": "host.raw",
          "exclude": [],
          "missing": true,
          "other": true,
          "size": 10,
          "order": "count",
          "style": {
            "font-size": "9pt"
          },
          "donut": false,
          "tilt": false,
          "labels": true,
          "arrangement": "horizontal",
          "chart": "pie",
          "counter_pos": "none",
          "spyable": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "tmode": "terms",
          "tstat": "total",
          "valuefield": "",
          "title": "Firewalls"
        },
        {
          "error": false,
          "span": 2,
          "editable": true,
          "type": "terms",
          "loadingEditor": false,
          "field": "username",
          "exclude": [],
          "missing": false,
          "other": false,
          "size": 10,
          "order": "count",
          "style": {
            "font-size": "10pt"
          },
          "donut": false,
          "tilt": false,
          "labels": true,
          "arrangement": "horizontal",
          "chart": "table",
          "counter_pos": "above",
          "spyable": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "tmode": "terms",
          "tstat": "count",
          "valuefield": "BytesTransmitted",
          "title": "Top VPN sessions"
        }
      ],
      "notice": false
    },
    {
      "title": "Graph",
      "height": "300px",
      "editable": true,
      "collapse": false,
      "collapsable": true,
      "panels": [
        {
          "span": 12,
          "editable": true,
          "group": [
            "default"
          ],
          "type": "histogram",
          "mode": "count",
          "time_field": "@timestamp",
          "value_field": null,
          "auto_int": true,
          "resolution": 100,
          "interval": "10m",
          "fill": 3,
          "linewidth": 3,
          "timezone": "browser",
          "spyable": true,
          "zoomlinks": true,
          "bars": true,
          "stack": true,
          "points": false,
          "lines": false,
          "legend": true,
          "x-axis": true,
          "y-axis": true,
          "percentage": false,
          "interactive": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "title": "Events over time",
          "intervals": [
            "auto",
            "1s",
            "1m",
            "5m",
            "10m",
            "30m",
            "1h",
            "3h",
            "12h",
            "1d",
            "1w",
            "1M",
            "1y"
          ],
          "options": true,
          "tooltip": {
            "value_type": "cumulative",
            "query_as_alias": true
          },
          "scale": 1,
          "y_format": "none",
          "grid": {
            "max": null,
            "min": 0
          },
          "annotate": {
            "enable": false,
            "query": "*",
            "size": 20,
            "field": "_type",
            "sort": [
              "_score",
              "desc"
            ]
          },
          "pointradius": 5,
          "show_query": true,
          "legend_counts": true,
          "zerofill": true,
          "derivative": false
        }
      ],
      "notice": false
    },
    {
      "title": "Data Transfer",
      "height": "300px",
      "editable": true,
      "collapse": false,
      "collapsable": true,
      "panels": [
        {
          "span": 6,
          "editable": true,
          "type": "histogram",
          "loadingEditor": false,
          "mode": "mean",
          "time_field": "@timestamp",
          "value_field": "BytesReceived",
          "x-axis": true,
          "y-axis": true,
          "scale": "1",
          "y_format": "bytes",
          "grid": {
            "max": null,
            "min": 0
          },
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "annotate": {
            "enable": false,
            "query": "*",
            "size": 20,
            "field": "_type",
            "sort": [
              "_score",
              "desc"
            ]
          },
          "auto_int": true,
          "resolution": 100,
          "interval": "10m",
          "intervals": [
            "auto",
            "1s",
            "1m",
            "5m",
            "10m",
            "30m",
            "1h",
            "3h",
            "12h",
            "1d",
            "1w",
            "1y"
          ],
          "lines": true,
          "fill": 0,
          "linewidth": 3,
          "points": false,
          "pointradius": 5,
          "bars": false,
          "stack": false,
          "spyable": true,
          "zoomlinks": true,
          "options": true,
          "legend": false,
          "show_query": true,
          "interactive": true,
          "legend_counts": true,
          "timezone": "browser",
          "percentage": false,
          "zerofill": true,
          "derivative": false,
          "tooltip": {
            "value_type": "individual",
            "query_as_alias": true
          },
          "title": "Bytes Transmitted"
        },
        {
          "span": 6,
          "editable": true,
          "type": "histogram",
          "loadingEditor": false,
          "mode": "total",
          "time_field": "@timestamp",
          "value_field": "BytesReceived",
          "x-axis": true,
          "y-axis": true,
          "scale": 1,
          "y_format": "bytes",
          "grid": {
            "max": null,
            "min": 0
          },
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "annotate": {
            "enable": false,
            "query": "*",
            "size": 20,
            "field": "_type",
            "sort": [
              "_score",
              "desc"
            ]
          },
          "auto_int": false,
          "resolution": 100,
          "interval": "10m",
          "intervals": [
            "auto",
            "1s",
            "1m",
            "5m",
            "10m",
            "30m",
            "1h",
            "3h",
            "12h",
            "1d",
            "1w",
            "1y"
          ],
          "lines": true,
          "fill": 0,
          "linewidth": 3,
          "points": false,
          "pointradius": 5,
          "bars": false,
          "stack": false,
          "spyable": true,
          "zoomlinks": true,
          "options": true,
          "legend": false,
          "show_query": true,
          "interactive": true,
          "legend_counts": true,
          "timezone": "browser",
          "percentage": false,
          "zerofill": true,
          "derivative": false,
          "tooltip": {
            "value_type": "cumulative",
            "query_as_alias": true
          },
          "title": "Bytes Received"
        }
      ],
      "notice": false
    },
    {
      "title": "Events",
      "height": "350px",
      "editable": true,
      "collapse": false,
      "collapsable": true,
      "panels": [
        {
          "title": "All events",
          "error": false,
          "span": 12,
          "editable": true,
          "group": [
            "default"
          ],
          "type": "table",
          "size": 50,
          "pages": 5,
          "offset": 0,
          "sort": [
            "@timestamp",
            "desc"
          ],
          "style": {
            "font-size": "9pt"
          },
          "overflow": "min-height",
          "fields": [
            "@timestamp",
            "host",
            "DurationHours",
            "DurationMinutes",
            "IPAddress",
            "username",
            "Reason",
            "geoip.country_name",
            "geoip.city_name"
          ],
          "localTime": true,
          "timeField": "@timestamp",
          "highlight": [],
          "sortable": true,
          "header": true,
          "paging": true,
          "spyable": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "field_list": true,
          "status": "Stable",
          "trimFactor": 900,
          "normTimes": true,
          "all_fields": false
        }
      ],
      "notice": false
    }
  ],
  "editable": true,
  "failover": false,
  "index": {
    "interval": "day",
    "pattern": "[logstash-]YYYY.MM.DD",
    "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
    "warm_fields": true
  },
  "style": "light",
  "panel_hints": true,
  "pulldowns": [
    {
      "type": "query",
      "collapse": false,
      "notice": false,
      "query": "*",
      "pinned": true,
      "history": [
        "Reason:(\"Idle Timeout\") or Reason:(\"Max time exceeded\") or Reason:(\"Port unneeded\")",
        "Reason:(\"Lost Carrier\") or Reason:(\"Lost Service\")",
        "Reason:(\"Peer Reconnected\") or Reason:(\"Callback\")",
        "Reason:(\"Administrator Reset\") or Reason:(\"Administrator Reboot\") or Reason:(\"Administrator Shutdown\") or Reason:(\"User error\") or Reason:(\"IKE Delete\") or Reason:(\"Peer Address Changed\")",
        "Reason:(\"User Requested\") or  Reason:(\"Host Requested\") or Reason:(\"VLAN Mapping Error\")",
        "Reason:(\"Port Error\") or Reason:(\"NAS Error\") or Reason:(\"NAS Request\") or Reason:(\"NAS Reboot\") or Reason:(\"Connection preempted\") or Reason:(\"Port Suspended\") or Reason:(\"Service Unavailable\") or Reason:(\"SA Expired\") or Reason:(\"Bandwidth Management Error\") or Reason:(\"Certificate Expired\") or Reason:(\"Phase 2 Mismatch\") or Reason:(\"Firewall Mismatch\") or Reason:(\"ACL Parse Error\") or Reason:(\"Phase 2 Error\") or Reason:(\"Internal Error\") or Reason:(\"Crypto map policy not found\") or Reason:(\"L2TP initiated\")  or Reason:(\"NAC-Policy Error\") or Reason:(\"Dynamic Access Policy terminate\")  or Reason:(\"Client type not supported\")  or Reason:(\"Unknown\")",
        "*",
        "Reason:(\"Idle Timeout\") or Reason:(\"Max time exceeded\") or Reason:(\"Port Error\") or Reason:(\"NAS Error\") or Reason:(\"NAS Request\") or Reason:(\"NAS Reboot\") or Reason:(\"Port unneeded\") or Reason:(\"Connection preempted\") or Reason:(\"Port Suspended\") or Reason:(\"Service Unavailable\") or Reason:(\"SA Expired\") or Reason:(\"Bandwidth Management Error\") or Reason:(\"Certificate Expired\") or Reason:(\"Phase 2 Mismatch\") or Reason:(\"Firewall Mismatch\") or Reason:(\"ACL Parse Error\") or Reason:(\"Phase 2 Error\") or Reason:(\"Internal Error\") or Reason:(\"Crypto map policy not found\") or Reason:(\"L2TP initiated\")  or Reason:(\"NAC-Policy Error\") or Reason:(\"Dynamic Access Policy terminate\")  or Reason:(\"Client type not supported\")  or Reason:(\"Unknown\")",
        "Reason:(\"Peer Reconnected\")",
        "Reason:(\"Administrator Reset\") or Reason:(\"Administrator Reboot\") or Reason:(\"Administrator Shutdown\")"
      ],
      "remember": 10,
      "enable": true
    },
    {
      "type": "filtering",
      "collapse": false,
      "notice": true,
      "enable": true
    }
  ],
  "nav": [
    {
      "type": "timepicker",
      "collapse": false,
      "notice": false,
      "status": "Stable",
      "time_options": [
        "5m",
        "15m",
        "1h",
        "2h",
        "6h",
        "12h",
        "24h",
        "2d",
        "7d",
        "30d"
      ],
      "refresh_intervals": [
        "5s",
        "10s",
        "30s",
        "1m",
        "5m",
        "15m",
        "30m",
        "1h",
        "2h",
        "1d"
      ],
      "timefield": "@timestamp",
      "now": true,
      "filter_id": 0,
      "enable": true
    }
  ],
  "loader": {
    "save_gist": false,
    "save_elasticsearch": true,
    "save_local": true,
    "save_default": true,
    "save_temp": true,
    "save_temp_ttl_enable": true,
    "save_temp_ttl": "30d",
    "load_gist": true,
    "load_elasticsearch": true,
    "load_elasticsearch_size": 20,
    "load_local": true,
    "hide": false
  },
  "refresh": false,
  "dash_type": "elasticsearch"
}

Re: need help getting geoip up and running

Posted: Wed Mar 02, 2016 5:12 pm
by ssax
There is a difference between yours and mine, use this one:
VPN_Sessions-1456956456742.zip

Re: need help getting geoip up and running

Posted: Mon Mar 07, 2016 11:29 am
by benhank
Still no go. all screens are blank

Re: need help getting geoip up and running

Posted: Mon Mar 07, 2016 11:32 am
by jolson
benhank,

Is there any chance you'd like to do a remote to pin this down? I think an issue like this one deserves a live session - it'd be a lot easier to hunt down the problems then. Give us an email at [email protected] and we'll hook you up! ;)
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited