IIS Dashboard - need geoip help
-
- Posts: 524
- Joined: Mon Oct 14, 2013 7:19 pm
IIS Dashboard - need geoip help
I have implemented the IIS Dashboard from Nagios Exchange. Posted by former employee.
https://exchange.nagios.org/directory/A ... rd/details
I am not seeing the expected data in the map and wonder if this is for an older version of NLS.
Can someone please see if this needs changes to work properly in the latest NLS?
Also, is there some geo ip thing I need to do to use a newer version? I believe some providers of geoip databases are no longer making updates maybe? Not sure.
Thanks
Steve B
XI 5.7.3 / Core 4.4.6 / NagVis 1.9.8 / LiveStatus 1.5.0p11 / RRDCached 1.7.0 / Redis 3.2.8 /
SNMPTT / Gearman 0.33-7 / Mod_Gearman 3.0.7 / NLS 2.0.8 / NNA 2.3.1 /
NSClient 0.5.0 / NRPE Solaris 3.2.1 Linux 3.2.1 HPUX 3.2.1
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: IIS Dashboard - need geoip help
Hello, @SteveBeauchemin. Yes, the GeoIP database has been changed. Please find the geoip filter in the elasticsearch settings and add the following line:
Code: Select all
database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
For example:
Code: Select all
geoip {
  database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
  source => "c-ip"
}
Download the newer version of the geoip database from here:
https://geolite.maxmind.com/download/ge ... ity.tar.gz
Extract the GeoLite2-City.mmdb file to the /usr/share/GeoIP/ folder.
If that doesn't work please share the Log Server system profile. It can be gathered under Admin > System > System Status > Download System Profile.
Also, let me know if you can see the geoip field inside the events with the type "IIS_Requests".
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
- Posts: 524
- Joined: Mon Oct 14, 2013 7:19 pm
Re: IIS Dashboard - need geoip help
I updated to the mmdb file. But not seeing any geoip anywhere yet.
I am sending my profile as a PM to @npolovenko
Thanks
Steve B
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: IIS Dashboard - need geoip help
@SteveBeauchemin, Just to clarify, you're not seeing any new events related to IIS in the events dashboard?
If you delete the filter but leave the input, will you be able to see raw IIS events on the dashboard?
Can you verify that the IIS device is actually sending logs to the log server?
Please include a sample of the log that is being sent.
-
- Posts: 524
- Joined: Mon Oct 14, 2013 7:19 pm
Re: IIS Dashboard - need geoip help
I have a ton of IIS hits. The filter and field extractor works perfectly. The IIS Dashboard is fully populated with lots of data. Just the map is not.
I just have nothing when I search for geoip. No search results.
Steve B
-
- Posts: 524
- Joined: Mon Oct 14, 2013 7:19 pm
Re: IIS Dashboard - need geoip help
Data is there... just no Geo IP data...
Steve B
-
- Posts: 524
- Joined: Mon Oct 14, 2013 7:19 pm
Re: IIS Dashboard - need geoip help
Tons of colors to display for dozens of servers...
The mushrooms finally kicked in.
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: IIS Dashboard - need geoip help
@SteveBeauchemin, Please change this block in the filter:
Code: Select all
geoip {
  database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
  source => "c-ip"
}
To:
Code: Select all
geoip {
  database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
  source => "clientip"
}
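An offline way to answer the two questions raised in this thread (do "IIS_Requests" events carry a geoip field, and which of c-ip or clientip actually exists on them), as an added example that is not part of the original posts or of Nagios Log Server. The sample events are constructed and the function names are hypothetical; the script also counts private or unparsable addresses, which no GeoIP database can place on a map.

```python
import ipaddress

# Field names tried in the thread as the geoip filter's `source`.
CANDIDATE_SOURCES = ("c-ip", "clientip")

# Constructed sample events (not taken from the thread's Log Server).
SAMPLE_EVENTS = [
    {"type": "IIS_Requests", "clientip": "10.20.30.40"},  # private address
    {"type": "IIS_Requests", "clientip": "8.8.8.8"},      # public address
    {"type": "IIS_Requests", "clientip": "-"},            # empty W3C field
    {"type": "syslog", "message": "unrelated event"},
]

def triage(events, event_type="IIS_Requests"):
    """Count geoip-enriched events and, per candidate field, how usable it is."""
    report = {
        "events": 0,
        "with_geoip": 0,
        "fields": {n: {"present": 0, "public": 0, "invalid": 0}
                   for n in CANDIDATE_SOURCES},
    }
    for ev in events:
        if ev.get("type") != event_type:
            continue
        report["events"] += 1
        if "geoip" in ev:
            report["with_geoip"] += 1
        for name in CANDIDATE_SOURCES:
            value = ev.get(name)
            if value is None:
                continue
            stats = report["fields"][name]
            stats["present"] += 1
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                stats["invalid"] += 1   # e.g. "-" or a hostname
                continue
            if ip.is_global:            # only routable addresses can be located
                stats["public"] += 1
    return report

def best_source(report):
    """Candidate field with the most public addresses, or None if there are none."""
    name, stats = max(report["fields"].items(), key=lambda kv: kv[1]["public"])
    return name if stats["public"] else None

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    print(result, "-> use source =>", best_source(result))
```
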
-
- Posts: 524
- Joined: Mon Oct 14, 2013 7:19 pm
Re: IIS Dashboard - need geoip help
just nothing on the Map.
Also - I did already try clientip and c-ip both... But did just now change it again to clientip which I saw in the filter.
Same result. no geoip. Should I be able to search for geoip and get something? I actually get no matching data.
Steve B
-
- Posts: 524
- Joined: Mon Oct 14, 2013 7:19 pm
Re: IIS Dashboard - need geoip help
maybe I have a config issue...
Looking in elasticsearch log file I have some Java data...
It is not scrolling.
Code: Select all
[2019-06-17 15:01:09,204][DEBUG][action.index ] [d7d08025-52f9-44ca-af64-0beca7c2f116] [nagioslogserver][3], node[D02FGccLQRu8Ze4UIGNEFw], [P], s [STARTED]: Failed to execute [index {[nagioslogserver][cf_option][configuration_required], source[{"created":"2019-06-17 15:01:09","created_by":"AVs0eRz9mkiL_tWAkW5m","value":0}]}]
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [created_by]
at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:411)
at org.elasticsearch.index.mapper.object.ObjectMapper.serializeValue(ObjectMapper.java:706)
at org.elasticsearch.index.mapper.object.ObjectMapper.parse(ObjectMapper.java:497)
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:544)
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:493)
at org.elasticsearch.index.shard.IndexShard.prepareIndex(IndexShard.java:492)
at org.elasticsearch.action.index.TransportIndexAction.shardOperationOnPrimary(TransportIndexAction.java:192)
at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$PrimaryPhase.performOnPrimary(TransportShardReplicationOperationAction.java:574)
at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$PrimaryPhase$1.doRun(TransportShardReplicationOperationAction.java:440)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:36)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NumberFormatException: For input string: "AVs0eRz9mkiL_tWAkW5m"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Long.parseLong(Long.java:589)
at java.lang.Long.parseLong(Long.java:631)
at org.elasticsearch.common.xcontent.support.AbstractXContentParser.longValue(AbstractXContentParser.java:145)
at org.elasticsearch.index.mapper.core.LongFieldMapper.innerParseCreateField(LongFieldMapper.java:288)
at org.elasticsearch.index.mapper.core.NumberFieldMapper.parseCreateField(NumberFieldMapper.java:239)
at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:401)
... 12 more
(Linux 3.10.0-957.10.1.el7.x86_64)nagios@ciulnls01:/var/log/elasticsearch
edited - chopped off next line item...
Does this help or make it more confusing.
Steve B