graylog2-server
GeoIP processor stopped working after upgrade to 4.3.4
After successful upgrade to 4.3.4 Graylog stopped parsing GeoIP data and ASN data. It was working just fine on 4.3.3.
Confirmed on 2 different Graylog servers.
GeoIP before:

| Field | Value |
| -- | -- |
| vpn_ext_ip | 95.xx.xx.xx |
| vpn_ext_ip_as_number | 1234 |
| vpn_ext_ip_as_organization | Telekom CountryName |
| vpn_ext_ip_geo_city | CityName |
| vpn_ext_ip_geo_coordinates | 41.3198,12.9434 |
| vpn_ext_ip_geo_country | Slovenia |
| vpn_ext_ip_geo_country_iso | SI |
| vpn_ext_ip_geo_name | CityName, SI |
| vpn_ext_ip_geo_region | N/A |
| vpn_ext_ip_geo_timezone | N/A |
| vpn_int_ip | 10.XX.XX.XX |
| vpn_int_ip_reserved_ip | true |

And GeoIP after upgrade to 4.3.4:

| Field | Value |
| -- | -- |
| vpn_ext_ip | 77.XX.XX.XX |
| vpn_ext_ip_city_name | Sofia |
| vpn_ext_ip_country_code | BG |
| vpn_ext_ip_geolocation | 46.6951,18.325 |
| vpn_int_ip | 10.XX.XX.XX |
| vpn_int_ip_reserved_ip | true |

We can see a lot of info missing AND "geo" is not appended in field name... I re-downloaded databases (MaxMind) but still the same.
Also haven't changed processing order:

|   | Processor | Status |
| -- | -- | -- |
| 1 | AWS Instance Name Lookup | active |
| 2 | Message Filter Chain | active |
| 3 | Pipeline Processor | active |
| 4 | GeoIP Resolver | active |
| 5 | Illuminate Processor | active |

Found it: https://github.com/Graylog2/graylog2-server/issues/12909
Well can we have another option like: Add additional fields EVEN with Enforce graylog schema disabled?
I have altered ALL my dashboards, alerts and views to that new format, which is now gone.
I just wish to have my field name (not some default field name) like: vpn_ext_ip to be automatically populated with GeoIP AND ASN info, without pipelines etc... Just like in 4.3.3 :)
Also see #13203
@gregecslo If I understand correctly, you experienced a bug that was introduced, and you manually corrected it. I do apologize for the extra work, but we believe the default behavior as intended should accommodate what you need going forward. If this is not the case, please add a comment.