Hello guys,
I am new to ELK and I have a single problem: my node is not generating GeoIP information. I need help. Has anyone had the same problem?
Below is what the Logstash configuration looks like. I want to change the template to Logstash, because the Packetbeat template has 14 thousand lines and could be wrong.
{
"packetbeat-6.3.2": {
"order": 1,
"index_patterns": [
"packetbeat-6.3.2-"
],
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": "10000"
}
},
"refresh_interval": "5s",
"number_of_routing_shards": "30",
"number_of_shards": "3"
}
},
"mappings": {
"doc": {
"_meta": {
"version": "6.3.2"
},
"date_detection": false,
"dynamic_templates": [
{
"fields": {
"mapping": {
"type": "keyword"
},
"match_mapping_type": "string",
"path_match": "fields."
}
},
{
"docker.container.labels": {
"mapping": {
"type": "keyword"
},
"match_mapping_type": "string",
"path_match": "docker.container.labels."
}
},
{
"amqp.headers": {
"mapping": {
"type": "keyword"
},
"match_mapping_type": "string",
"path_match": "amqp.headers."
}
},
{
"cassandra.response.supported": {
"mapping": {
"type": "keyword"
},
"match_mapping_type": "string",
"path_match": "cassandra.response.supported."
}
},
{
"http.request.headers": {
"mapping": {
"type": "keyword"
},
"match_mapping_type": "string",
"path_match": "http.request.headers."
}
},
{
"http.response.headers": {
"mapping": {
"type": "keyword"
},
"match_mapping_type": "string",
"path_match": "http.response.headers.*"
}
},
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"properties": {
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"resource": {
"type": "keyword",
"ignore_above": 1024
},
"nfs": {
"properties": {
"version": {
"type": "long"
},
"minor_version": {
"type": "long"
},
"tag": {
"type": "keyword",
"ignore_above": 1024
},
"opcode": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
}
This is my error log: the Grok parse failed and the GeoIP lookup failed. How can I fix it?
tags:
_grokparsefailure, PFSense, firewall, _dateparsefailure, _geoip_lookup_failure
@timestamp:
August 17th 2018, 08:26:37.266
syslog_severity:
notice
host:
10.10.0.151
syslog_facility:
user-level
type:
syslog
syslog_facility_code:
1
syslog_severity_code:
5
prog:
filterlog
message:
9,,,1000000103,lagg0.8,match,block,in,4,0x0,,128,17671,0,none,17,udp,46,10.10.43.77,255.255.255.255,13382,13364,26
@version:
1
evtid:
134
_id:
qNujR2UByLlvsGVhH8eC
_type:
doc
_index:
logstash-2018.08.17
_score: