Geoip expired_database error

I get the following error on logstash logs;

[2024-03-04T13:38:54,437][ERROR][logstash.filters.geoip.downloadmanager] Permission denied - /var/lib/logstash/plugins/filters/geoip/1709555933 {:cause=>nil}
[2024-03-04T13:38:54,592][ERROR][logstash.filters.geoip.downloadmanager] Permission denied - /var/lib/logstash/plugins/filters/geoip/1709555933 {:cause=>nil}

The filters show geip_expired_database. No database has been defined manually. Could the permission denied be a firewall issue?

No, this means that Logstash cannot read/remove/create the specified file because of file permissions.

How are you running Logstash? Are you running logstash as a service with systemctl? Did you ran Logstash as the root user or with a sudo at any point?

That is the issue.
chown -R logstash: /var/lib/logstash/plugins/filters/

[2024-03-04T14:12:51,305][INFO ][logstash.filters.geoip.databasemanager] /var/lib/logstash/plugins/filters/geoip/1662379503 is deleted
[2024-03-04T14:12:51,370][INFO ][logstash.filters.geoip.databasemanager][main] By not manually configuring a database path with `database =>`, you accepted and agreed MaxMind EULA. For more details please visit
[2024-03-04T14:12:51,372][INFO ][logstash.filters.geoip   ][main] Using geoip database {:path=>"/var/lib/logstash/plugins/filters/geoip/1709557966/GeoLite2-City.mmdb"}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.