Conversation
Signed-off-by: Scott R. Shinn <scott@atomicorp.com>
Member
Author
|
This is probably going to break in Travis because it requires an external GeoIP library dependency |
Member
|
The GeoIP thing should be handled by Travis. I see the apt-get installation in the travis output. |
Signed-off-by: Scott R. Shinn <scott@atomicorp.com>
Signed-off-by: Scott R. Shinn <scott@atomicorp.com>
Signed-off-by: Scott R. Shinn <scott@atomicorp.com>
Signed-off-by: Scott R. Shinn <scott@atomicorp.com>
Signed-off-by: Scott R. Shinn <scott@atomicorp.com>
Signed-off-by: Scott R. Shinn <scott@atomicorp.com>
Contributor
|
On Fri, 8 Jul 2016, Dan Parriott wrote:
Merged #840.
Unfortunately this restores code that was/is IPv4 dependent in alert.c.
It would be better to leave srcip and dstip as is and write them as
strings (into the sql query string) instead of converting them to ints
which would never work for IPv6 addresses.
Antonio Querubin
e-mail: tony@lavanauts.org
xmpp: antonioquerubin@gmail.com
|
Member
|
@aquerubin Thanks for the report. I wanted to get this in so there would be plenty of time to fix any issues before 3.0. I'm going to open an issue on this so it doesn't get lost, and quote your post. |
Contributor
|
On Fri, 8 Jul 2016, Dan Parriott wrote:
@aquerubin Thanks for the report. I wanted to get this in so there would
be plenty of time to fix any issues before 3.0. I'm going to open an
issue on this so it doesn't get lost, and quote your post.
Should I submit the fix or do you want to do that?
Antonio Querubin
e-mail: tony@lavanauts.org
xmpp: antonioquerubin@gmail.com
|
Member
|
@aquerubin Your fix would be much quicker and better than mine. I'd appreciate if you gave it a go! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Scott R. Shinn scott@atomicorp.com
This is a re-visit of dcids GeoIP patch, it adds the Geo Location of the IP address to the Alert and JSON output. It requires the GeoIP-devel package to build, and the GeoLiteCity.dat (included in GeoIP-GeoLite-data-extra package, or can be manually downloaded).
/usr/share/GeoIP/GeoLiteCity.dat