Hi,
how to debug GeoIP lookup failure? For below attached screenshot, why the first clientIP: 123.58.60.5 lookup failed, but the second one 112.85.231.147 succeed?
the configuration is simple, and the GeoLIte2-city.mmdb database is the latest.
geoip {
source => "clientip"
database => "/usr/data/geolite2/GeoLite2-City.mmdb"
fields => ["region_name"]
}It could be the database doesn't have that IP listed, it does happen from time to time.
yes, you're correct, the first ip address's info is not as accurate as the second one in GeoLite2 Database.
$ /usr/bin/python3 /home/alex/pytest/ipquery.py
geoip2.models.City({'continent': {'code': 'AS', 'geoname_id': 6255147, 'names': {'de': 'Asien', 'en': 'Asia', 'es': 'Asia', 'fr': 'Asie', 'ja': 'アジア', 'pt-BR': 'Ásia', 'ru': 'Азия', 'zh-CN': '亚洲'}}, 'country': {'geoname_id': 1814991, 'iso_code': 'CN', 'names': {'de': 'China', 'en': 'China', 'es': 'China', 'fr': 'Chine', 'ja': '中国', 'pt-BR': 'China', 'ru': 'Китай', 'zh-CN': '中国'}}, 'location': {'accuracy_radius': 50, 'latitude': 34.7725, 'longitude': 113.7266, 'time_zone': 'Asia/Shanghai'}, 'registered_country': {'geoname_id': 1814991, 'iso_code': 'CN', 'names': {'de': 'China', 'en': 'China', 'es': 'China', 'fr': 'Chine', 'ja': '中国', 'pt-BR': 'China', 'ru': 'Китай', 'zh-CN': '中国'}}, 'traits': {'ip_address': '123.58.60.5', 'prefix_len': 18}}, ['en'])
# alex @ LAPTOP-FB6FQ8MU in ~ [21:57:21]
$ /usr/bin/python3 /home/alex/pytest/ipquery.py
geoip2.models.City({'city': {'geoname_id': 1799722, 'names': {'de': 'Nantong', 'en': 'Nantong', 'fr': 'Nantong', 'ja': '南通市', 'pt-BR': 'Nantong', 'ru': 'Наньтун', 'zh-CN': '南通'}}, 'continent': {'code': 'AS', 'geoname_id': 6255147, 'names': {'de': 'Asien', 'en': 'Asia', 'es': 'Asia', 'fr': 'Asie', 'ja': 'アジア', 'pt-BR': 'Ásia', 'ru': 'Азия', 'zh-CN': '亚洲'}}, 'country': {'geoname_id': 1814991, 'iso_code': 'CN', 'names': {'de': 'China', 'en': 'China', 'es': 'China', 'fr': 'Chine', 'ja': '中国', 'pt-BR': 'China', 'ru': 'Китай', 'zh-CN': '中国'}}, 'location': {'accuracy_radius': 500, 'latitude': 32.0303, 'longitude': 120.8747, 'time_zone': 'Asia/Shanghai'}, 'registered_country': {'geoname_id': 1814991, 'iso_code': 'CN', 'names': {'de': 'China', 'en': 'China', 'es': 'China', 'fr': 'Chine', 'ja': '中国', 'pt-BR': 'China', 'ru': 'Китай', 'zh-CN': '中国'}}, 'subdivisions': [{'geoname_id': 1806260, 'iso_code': 'JS', 'names': {'en': 'Jiangsu', 'fr': 'Province de Jiangsu', 'zh-CN': '江苏省'}}], 'traits': {'ip_address': '112.85.231.147', 'prefix_len': 17}}, ['en'])The plugin ships with a database that probably dates from when the plugin was built. You could try downloading a current database from MaxMind and see if coverage for that IP has been added.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.