Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixes for GeoIP support (addresses #538).

Browse source 
- Missing GeoIP databases now generate warnings/errors that go through
  the reporter framework instead of hitting GeoIP's internal use of
  stderr

- lookup_location now just queries for country code if the city database
  was not loaded, which gets rid of invalid database type errors.

- lookup_location now leaves missing fields uninitialized in the
  returned geo_location record value.  Updated existing scripts to
  check for initialized fields in geo_location records before use.

- Fixed support for GeoIP's IPv6 API and databases
This commit is contained in:
Jon Siwek 2011-08-30 17:02:07 -05:00
parent 005b1505b8
commit 13a09aa488
5 changed files with 99 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/policy/protocols/ssh/geo-data.bro
View file

@ -33,7 +33,7 @@ event SSH::heuristic_successful_login(c: connection) &priority=5
# Add the location data to the SSH record.
c$ssh$remote_location = location;
if ( location$country_code in watched_countries )
if ( location?$country_code && location$country_code in watched_countries )
{
NOTICE([$note=Login_From_Watched_Country,
$conn=c,