need help getting geoip up and running

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

need help getting geoip up and running

Post by benhank »

Hey Guys!

I'm trying to get this dashboard working:

Code: Select all

https://exchange.nagios.org/directory/Addons/Nagios-Log-Server/Dashboards/Cisco-ASA-VPN-Monitoring/details
but all I get is this:
Capture.PNG
Here is a copy of my setup:

Code: Select all

# 
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Wed, 24 Feb 2016 11:55:32 -0500
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    syslog {
        type => 'syslog'
        port => 514
    }
    syslog {
        type => 'asa'
        port => 6514
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
    file {
        path => '/var/log/logstash/logstash.log'
    }
}
#
# Local inputs
#
#
# Global filters
#
filter {
    if [program] == 'apache_access' {
        grok {
            match => [ 'message', '%{COMBINEDAPACHELOG}']
        }
        date {
            match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z' ]
        }
        mutate {
            replace => [ 'type', 'apache_access' ]
            convert => [ 'bytes', 'integer' ]
            convert => [ 'response', 'integer' ]
        }
    }
     
    if [program] == 'apache_error' {
        grok {
            match => [ 'message', '\[(?<timestamp>%{DAY:day} %{MONTH:month} %{MONTHDAY} %{TIME} %{YEAR})\] \[%{WORD:class}\] \[%{WORD:originator} %{IP:clientip}\] %{GREEDYDATA:errmsg}']
        }
        mutate {
            replace => [ 'type', 'apache_error' ]
        }
    }
    if [type] == 'asa' {
        grok {
            match => ['message', '%{SYSLOG5424PRI}%%{WORD:LogType}-%{INT:LogSeverity}-%{INT:LogMessageNumber}: Group = %{IPORHOST:Group}, Username = %{IPORHOST:username}, IP = %{IP:IPAddress}, Session disconnected. Session Type: %{WORD:SessionType}, Duration: %{CUSTOM1:DurationDays=[0-9]?}%{CUSTOM2=d? ?}%{INT:DurationHours:int}h:%{INT:DurationMinutes:int}m:%{INT:DurationSeconds:int}s, Bytes xmt: %{INT:BytesTransmitted:int}, Bytes rcv: %{INT:BytesReceived:int}, Reason: %{GREEDYDATA:Reason}']
        }
        geoip {
            source => "IPAddress"
        }
    }
}
#
# Local filters
#
#
# Global outputs
#
#
# Local outputs
#
I installed NLS using the VM and I am running the latest version.
I can't figure out what is going wrong.
Good to be back btw =p
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: need help getting geoip up and running

Post by jolson »

No logs are showing up on that dashboard, meaning that one of the following is happening:

1. Your ASA logs are different than what your filter expects. Could you post an example ASA log of yours please?
2. Your ASA logs are not reaching Nagios Log Server at all - this could be due to firewall problems, logstash problems, etc. Try tail -n100 /var/log/logstash/logstash.log

Could you please provide some of the information above? Thanks!

Jesse
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1

Re: need help getting geoip up and running

Post by hsmith »

Just to add a little on here, I have a dashboard that shows failed login attempts on my VPS, and after struggling with the filter, I realized how easy it is to do a geoIP one:

Code: Select all

if [type] == 'syslog' {
    geoip {
        source => 'ip'
    }
}
In case you ever wanted to make one of your own. That takes anything with a type of 'syslog' that has information in the 'ip' field, and generates a ton of information for it.
Former Nagios Employee.
me.
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: need help getting geoip up and running

Post by benhank »

Sorry for the delay.

There are a few of them: (sensitive data has been edited)

Code: Select all

Feb 29 13:52:03 ASA-Active %ASA-4-722041: TunnelGroup <HVMA_Domain_Users_Group> GroupPolicy <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> No IPv6 address available for SVC connection
Feb 29 13:52:03 ASA-Active %ASA-5-722033: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> First TCP SVC connection established for SVC session.
Feb 29 13:52:03 ASA-Active %ASA-4-722051: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> IPv4 Address <172.30.240.68> IPv6 address <::> assigned to session
Feb 29 13:52:04 ASA-Active %ASA-5-722033: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> First UDP SVC connection established for SVC session.
Feb 29 13:52:27 ASA-Active %ASA-5-722012: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> SVC Message: 16/NOTICE: The user has requested to disconnect the connection..
Feb 29 13:52:27 ASA-Active %ASA-5-722037: Group <HVMA_Domain_Users> User <testuser> IP <1.1.1.1> SVC closing connection: User Requested.
Feb 29 13:52:27 ASA-Active %ASA-4-113019: Group = HVMA_Domain_Users_Group, Username = testuser, IP = 1.1.1.1, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:45s, Bytes xmt: 378576, Bytes rcv: 229060, Reason: User Requested

Last edited by jolson on Mon Feb 29, 2016 5:50 pm, edited 1 time in total.
Reason: fixed code bracket
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: need help getting geoip up and running

Post by ssax »

Thanks for posting that, I'm going to lab this up and see what we can do. I'll let you know what I find.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: need help getting geoip up and running

Post by ssax »

Here is what I had to do to make the filter work for yours:

Code: Select all

if [type] == 'asa' {
	grok {
		match => ['message', '%{CISCOTIMESTAMP} %{WORD:LogType}-%{WORD:NOTSURE} %%{WORD:LogType}-%{INT:LogSeverity}-%{INT:LogMessageNumber}: Group = %{WORD:Group}, Username = %{WORD:username}, IP = %{IP:IPAddress}, Session disconnected. Session Type: %{WORD:SessionType}-%{WORD:NOTSURE2}, Duration: %{CUSTOM1:DurationDays=[0-9]?}%{CUSTOM2=d?}%{CUSTOM3=:?}%{INT:DurationHours:int}h:%{INT:DurationMinutes:int}m:%{INT:DurationSeconds:int}s, Bytes xmt: %{INT:BytesTransmitted:int}, Bytes rcv: %{INT:BytesReceived:int}, Reason: %{GREEDYDATA:Reason}']
	}
	geoip {
	  source => "IPAddress"
	}
}
These are the ones it matches:

Code: Select all

Feb 29 13:52:27 ASA-Active %ASA-4-113019: Group = HVMA_Domain_Users_Group, Username = testuser, IP = 1.1.1.1, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:45s, Bytes xmt: 378576, Bytes rcv: 229060, Reason: User Requested
Try it out and let me know the results.
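
Added example (not part of the original posts, and not Nagios code): a small Python emulation of the grok match string above, run against log lines posted in this thread, to see at which stage a message drops out before it can reach the map panel. The regexes standing in for CISCOTIMESTAMP, WORD, INT, IP and GREEDYDATA are simplified assumptions, the third sample is a constructed variant of the 113019 line, and `diagnose` and its result keys are hypothetical names.

```python
import ipaddress
import re

# Simplified stand-ins for the stock grok patterns the filter uses (assumed:
# IPv4 only for IP; CISCOTIMESTAMP as "Mon dd [yyyy] HH:MM:SS").
GROK = {
    "CISCOTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2}(?: \d{4})? \d{2}:\d{2}:\d{2}",
    "WORD": r"\b\w+\b",
    "INT": r"[+-]?\d+",
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
    "GREEDYDATA": r".*",
}
# %{NAME}, %{NAME:field}, %{NAME:field:type}, %{NAME=regex}, %{NAME:field=regex}
TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?(?::(\w+))?(?:=([^}]*))?\}")

# Match string copied from the filter posted above.
ASA_PATTERN = (
    "%{CISCOTIMESTAMP} %{WORD:LogType}-%{WORD:NOTSURE} "
    "%%{WORD:LogType}-%{INT:LogSeverity}-%{INT:LogMessageNumber}: "
    "Group = %{WORD:Group}, Username = %{WORD:username}, IP = %{IP:IPAddress}, "
    "Session disconnected. Session Type: %{WORD:SessionType}-%{WORD:NOTSURE2}, "
    "Duration: %{CUSTOM1:DurationDays=[0-9]?}%{CUSTOM2=d?}%{CUSTOM3=:?}"
    "%{INT:DurationHours:int}h:%{INT:DurationMinutes:int}m:"
    "%{INT:DurationSeconds:int}s, Bytes xmt: %{INT:BytesTransmitted:int}, "
    "Bytes rcv: %{INT:BytesReceived:int}, Reason: %{GREEDYDATA:Reason}"
)

# First two lines are copied from the thread.
SAMPLES = [
    "Feb 29 13:52:27 ASA-Active %ASA-4-113019: Group = HVMA_Domain_Users_Group, "
    "Username = testuser, IP = 1.1.1.1, Session disconnected. Session Type: "
    "AnyConnect-Parent, Duration: 0h:00m:45s, Bytes xmt: 378576, "
    "Bytes rcv: 229060, Reason: User Requested",
    "Feb 29 13:52:03 ASA-Active %ASA-4-722051: Group <HVMA_Domain_Users> User "
    "<testuser> IP <1.1.1.1> IPv4 Address <172.30.240.68> IPv6 address <::> "
    "assigned to session",
]
# Constructed variant: the 113019 line without its "Feb 29 ... ASA-Active" header.
SAMPLES.append(SAMPLES[0].split(" ", 4)[4])


def grok_to_regex(pattern):
    """Translate a grok match string into a compiled regex plus type casts."""
    seen, casts = set(), {}

    def repl(m):
        name, field, cast, inline = m.groups()
        body = inline if inline is not None else GROK[name]
        # Python cannot repeat a group name, so only the first use captures.
        if field and field not in seen:
            seen.add(field)
            if cast:
                casts[field] = cast
            return f"(?P<{field}>{body})"
        return f"(?:{body})"

    return re.compile(TOKEN.sub(repl, pattern)), casts


ASA_REGEX, ASA_CASTS = grok_to_regex(ASA_PATTERN)


def parse(message):
    """Return the extracted fields, or None when the pattern does not match."""
    m = ASA_REGEX.search(message)  # grok is unanchored, like re.search()
    if m is None:
        return None
    fields = m.groupdict()
    for name, cast in ASA_CASTS.items():
        if cast == "int":
            fields[name] = int(fields[name])
    return fields


def diagnose(message):
    """Report each stage the map panel depends on for one raw message."""
    result = {"grok": False, "dashboard_filter": False, "geoip_candidate": False}
    fields = parse(message)
    if fields is None:
        return result  # no IPAddress field, so geoip has nothing to look up
    result["grok"] = True
    # The dashboard JSON posted in this thread filters on LogMessageNumber 113019.
    result["dashboard_filter"] = fields["LogMessageNumber"] == "113019"
    try:
        # A GeoIP database has no location for private or reserved addresses.
        result["geoip_candidate"] = ipaddress.ip_address(fields["IPAddress"]).is_global
    except ValueError:
        pass
    return result


if __name__ == "__main__":
    for line in SAMPLES:
        print(diagnose(line), "<-", line[:45])
```

Only the first sample passes all three stages; the constructed headerless variant fails because the match string requires the timestamp and device name to still be present in `message`.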
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: need help getting geoip up and running

Post by benhank »

I still get the same results. Here is my updated NLS setup:

Code: Select all

if [type] == 'asa' {
   grok {
      match => ['message', '%{CISCOTIMESTAMP} %{WORD:LogType}-%{WORD:NOTSURE} %%{WORD:LogType}-%{INT:LogSeverity}-%{INT:LogMessageNumber}: Group = %{WORD:Group}, Username = %{WORD:username}, IP = %{IP:IPAddress}, Session disconnected. Session Type: %{WORD:SessionType}-%{WORD:NOTSURE2}, Duration: %{CUSTOM1:DurationDays=[0-9]?}%{CUSTOM2=d?}%{CUSTOM3=:?}%{INT:DurationHours:int}h:%{INT:DurationMinutes:int}m:%{INT:DurationSeconds:int}s, Bytes xmt: %{INT:BytesTransmitted:int}, Bytes rcv: %{INT:BytesReceived:int}, Reason: %{GREEDYDATA:Reason}']
   }
   geoip {
     source => "IPAddress"
   }
}
I suspect that I might have to make changes to the dashboard creator's file. Here it is:

Code: Select all

{
  "title": "VPN_Sessions",
  "edit_type": "global",
  "services": {
    "query": {
      "list": {
        "0": {
          "query": "Reason:(\"Port Error\") or Reason:(\"NAS Error\") or Reason:(\"NAS Request\") or Reason:(\"NAS Reboot\") or Reason:(\"Connection preempted\") or Reason:(\"Port Suspended\") or Reason:(\"Service Unavailable\") or Reason:(\"SA Expired\") or Reason:(\"Bandwidth Management Error\") or Reason:(\"Certificate Expired\") or Reason:(\"Phase 2 Mismatch\") or Reason:(\"Firewall Mismatch\") or Reason:(\"ACL Parse Error\") or Reason:(\"Phase 2 Error\") or Reason:(\"Internal Error\") or Reason:(\"Crypto map policy not found\") or Reason:(\"L2TP initiated\")  or Reason:(\"NAC-Policy Error\") or Reason:(\"Dynamic Access Policy terminate\")  or Reason:(\"Client type not supported\")  or Reason:(\"Unknown\")",
          "alias": "Errors",
          "color": "#BF1B00",
          "id": 0,
          "pin": true,
          "type": "lucene",
          "enable": true
        },
        "1": {
          "id": 1,
          "color": "#7EB26D",
          "alias": "OK Reasons",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"User Requested\") or  Reason:(\"Host Requested\") or Reason:(\"VLAN Mapping Error\")"
        },
        "2": {
          "id": 2,
          "color": "#EF843C",
          "alias": "Warning / Forced",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"Administrator Reset\") or Reason:(\"Administrator Reboot\") or Reason:(\"Administrator Shutdown\") or Reason:(\"User error\") or Reason:(\"IKE Delete\") or Reason:(\"Peer Address Changed\")"
        },
        "3": {
          "id": 3,
          "color": "#64B0C8",
          "alias": "Reconnect /Callback",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"Peer Reconnected\") or Reason:(\"Callback\")"
        },
        "4": {
          "id": 4,
          "color": "#D683CE",
          "alias": "Unexpected",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"Lost Carrier\") or Reason:(\"Lost Service\")"
        },
        "5": {
          "id": 5,
          "color": "#F4D598",
          "alias": "Timeout",
          "pin": true,
          "type": "lucene",
          "enable": true,
          "query": "Reason:(\"Idle Timeout\") or Reason:(\"Max time exceeded\") or Reason:(\"Port unneeded\")"
        }
      },
      "ids": [
        0,
        1,
        2,
        3,
        4,
        5
      ]
    },
    "filter": {
      "list": {
        "0": {
          "type": "time",
          "field": "@timestamp",
          "from": "now-24h",
          "to": "now",
          "mandate": "must",
          "active": true,
          "alias": "",
          "id": 0
        },
        "1": {
          "type": "field",
          "field": "_type",
          "query": "\"asa\"",
          "mandate": "must",
          "active": true,
          "alias": "",
          "id": 1
        },
        "2": {
          "type": "field",
          "field": "LogMessageNumber",
          "query": "\"113019\"",
          "mandate": "must",
          "active": true,
          "alias": "",
          "id": 2
        }
      },
      "ids": [
        0,
        1,
        2
      ]
    }
  },
  "rows": [
    {
      "title": "Map",
      "height": "400px",
      "editable": true,
      "collapse": false,
      "collapsable": true,
      "panels": [
        {
          "error": false,
          "span": 6,
          "editable": true,
          "type": "bettermap",
          "loadingEditor": false,
          "field": "geoip.location",
          "size": 1000,
          "spyable": true,
          "tooltip": "username",
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "title": "Location of Clients"
        },
        {
          "error": false,
          "span": 2,
          "editable": true,
          "type": "terms",
          "loadingEditor": false,
          "field": "Reason",
          "exclude": [],
          "missing": true,
          "other": true,
          "size": 10,
          "order": "count",
          "style": {
            "font-size": "10pt"
          },
          "donut": false,
          "tilt": false,
          "labels": true,
          "arrangement": "horizontal",
          "chart": "pie",
          "counter_pos": "none",
          "spyable": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "tmode": "terms",
          "tstat": "total",
          "valuefield": "",
          "title": "Termination Reasons"
        },
        {
          "error": false,
          "span": 2,
          "editable": true,
          "type": "terms",
          "loadingEditor": false,
          "field": "host.raw",
          "exclude": [],
          "missing": true,
          "other": true,
          "size": 10,
          "order": "count",
          "style": {
            "font-size": "9pt"
          },
          "donut": false,
          "tilt": false,
          "labels": true,
          "arrangement": "horizontal",
          "chart": "pie",
          "counter_pos": "none",
          "spyable": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "tmode": "terms",
          "tstat": "total",
          "valuefield": "",
          "title": "Firewalls"
        },
        {
          "error": false,
          "span": 2,
          "editable": true,
          "type": "terms",
          "loadingEditor": false,
          "field": "username",
          "exclude": [],
          "missing": false,
          "other": false,
          "size": 10,
          "order": "count",
          "style": {
            "font-size": "10pt"
          },
          "donut": false,
          "tilt": false,
          "labels": true,
          "arrangement": "horizontal",
          "chart": "table",
          "counter_pos": "above",
          "spyable": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "tmode": "terms",
          "tstat": "count",
          "valuefield": "BytesTransmitted",
          "title": "Top VPN sessions"
        }
      ],
      "notice": false
    },
    {
      "title": "graph",
      "height": "300px",
      "editable": true,
      "collapse": false,
      "collapsable": true,
      "panels": [
        {
          "span": 12,
          "editable": true,
          "group": [
            "default"
          ],
          "type": "histogram",
          "mode": "count",
          "time_field": "@timestamp",
          "value_field": null,
          "auto_int": true,
          "resolution": 100,
          "interval": "10m",
          "fill": 3,
          "linewidth": 3,
          "timezone": "browser",
          "spyable": true,
          "zoomlinks": true,
          "bars": true,
          "stack": true,
          "points": false,
          "lines": false,
          "legend": true,
          "x-axis": true,
          "y-axis": true,
          "percentage": false,
          "interactive": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "title": "Events over time",
          "intervals": [
            "auto",
            "1s",
            "1m",
            "5m",
            "10m",
            "30m",
            "1h",
            "3h",
            "12h",
            "1d",
            "1w",
            "1M",
            "1y"
          ],
          "options": true,
          "tooltip": {
            "value_type": "cumulative",
            "query_as_alias": true
          },
          "scale": 1,
          "y_format": "none",
          "grid": {
            "max": null,
            "min": 0
          },
          "annotate": {
            "enable": false,
            "query": "*",
            "size": 20,
            "field": "_type",
            "sort": [
              "_score",
              "desc"
            ]
          },
          "pointradius": 5,
          "show_query": true,
          "legend_counts": true,
          "zerofill": true,
          "derivative": false
        }
      ],
      "notice": false
    },
    {
      "title": "Data Transfer",
      "height": "300px",
      "editable": true,
      "collapse": false,
      "collapsable": true,
      "panels": [
        {
          "span": 6,
          "editable": true,
          "type": "histogram",
          "loadingEditor": false,
          "mode": "mean",
          "time_field": "@timestamp",
          "value_field": "BytesReceived",
          "x-axis": true,
          "y-axis": true,
          "scale": "1",
          "y_format": "bytes",
          "grid": {
            "max": null,
            "min": 0
          },
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "annotate": {
            "enable": false,
            "query": "*",
            "size": 20,
            "field": "_type",
            "sort": [
              "_score",
              "desc"
            ]
          },
          "auto_int": true,
          "resolution": 100,
          "interval": "10m",
          "intervals": [
            "auto",
            "1s",
            "1m",
            "5m",
            "10m",
            "30m",
            "1h",
            "3h",
            "12h",
            "1d",
            "1w",
            "1y"
          ],
          "lines": true,
          "fill": 0,
          "linewidth": 3,
          "points": false,
          "pointradius": 5,
          "bars": false,
          "stack": false,
          "spyable": true,
          "zoomlinks": true,
          "options": true,
          "legend": false,
          "show_query": true,
          "interactive": true,
          "legend_counts": true,
          "timezone": "browser",
          "percentage": false,
          "zerofill": true,
          "derivative": false,
          "tooltip": {
            "value_type": "individual",
            "query_as_alias": true
          },
          "title": "Bytes Transmitted"
        },
        {
          "span": 6,
          "editable": true,
          "type": "histogram",
          "loadingEditor": false,
          "mode": "total",
          "time_field": "@timestamp",
          "value_field": "BytesReceived",
          "x-axis": true,
          "y-axis": true,
          "scale": 1,
          "y_format": "bytes",
          "grid": {
            "max": null,
            "min": 0
          },
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "annotate": {
            "enable": false,
            "query": "*",
            "size": 20,
            "field": "_type",
            "sort": [
              "_score",
              "desc"
            ]
          },
          "auto_int": false,
          "resolution": 100,
          "interval": "10m",
          "intervals": [
            "auto",
            "1s",
            "1m",
            "5m",
            "10m",
            "30m",
            "1h",
            "3h",
            "12h",
            "1d",
            "1w",
            "1y"
          ],
          "lines": true,
          "fill": 0,
          "linewidth": 3,
          "points": false,
          "pointradius": 5,
          "bars": false,
          "stack": false,
          "spyable": true,
          "zoomlinks": true,
          "options": true,
          "legend": false,
          "show_query": true,
          "interactive": true,
          "legend_counts": true,
          "timezone": "browser",
          "percentage": false,
          "zerofill": true,
          "derivative": false,
          "tooltip": {
            "value_type": "cumulative",
            "query_as_alias": true
          },
          "title": "Bytes Received"
        }
      ],
      "notice": false
    },
    {
      "title": "Events",
      "height": "350px",
      "editable": true,
      "collapse": false,
      "collapsable": true,
      "panels": [
        {
          "title": "All events",
          "error": false,
          "span": 12,
          "editable": true,
          "group": [
            "default"
          ],
          "type": "table",
          "size": 50,
          "pages": 5,
          "offset": 0,
          "sort": [
            "@timestamp",
            "desc"
          ],
          "style": {
            "font-size": "9pt"
          },
          "overflow": "min-height",
          "fields": [
            "@timestamp",
            "host",
            "DurationHours",
            "DurationMinutes",
            "IPAddress",
            "username",
            "Reason",
            "geoip.country_name",
            "geoip.city_name"
          ],
          "localTime": true,
          "timeField": "@timestamp",
          "highlight": [],
          "sortable": true,
          "header": true,
          "paging": true,
          "spyable": true,
          "queries": {
            "mode": "all",
            "ids": [
              0,
              1,
              2,
              3,
              4,
              5
            ]
          },
          "field_list": true,
          "status": "Stable",
          "trimFactor": 900,
          "normTimes": true,
          "all_fields": false
        }
      ],
      "notice": false
    }
  ],
  "editable": true,
  "failover": false,
  "index": {
    "interval": "day",
    "pattern": "[logstash-]YYYY.MM.DD",
    "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
    "warm_fields": true
  },
  "style": "light",
  "panel_hints": true,
  "pulldowns": [
    {
      "type": "query",
      "collapse": false,
      "notice": false,
      "query": "*",
      "pinned": true,
      "history": [
        "Reason:(\"Idle Timeout\") or Reason:(\"Max time exceeded\") or Reason:(\"Port unneeded\")",
        "Reason:(\"Lost Carrier\") or Reason:(\"Lost Service\")",
        "Reason:(\"Peer Reconnected\") or Reason:(\"Callback\")",
        "Reason:(\"Administrator Reset\") or Reason:(\"Administrator Reboot\") or Reason:(\"Administrator Shutdown\") or Reason:(\"User error\") or Reason:(\"IKE Delete\") or Reason:(\"Peer Address Changed\")",
        "Reason:(\"User Requested\") or  Reason:(\"Host Requested\") or Reason:(\"VLAN Mapping Error\")",
        "Reason:(\"Port Error\") or Reason:(\"NAS Error\") or Reason:(\"NAS Request\") or Reason:(\"NAS Reboot\") or Reason:(\"Connection preempted\") or Reason:(\"Port Suspended\") or Reason:(\"Service Unavailable\") or Reason:(\"SA Expired\") or Reason:(\"Bandwidth Management Error\") or Reason:(\"Certificate Expired\") or Reason:(\"Phase 2 Mismatch\") or Reason:(\"Firewall Mismatch\") or Reason:(\"ACL Parse Error\") or Reason:(\"Phase 2 Error\") or Reason:(\"Internal Error\") or Reason:(\"Crypto map policy not found\") or Reason:(\"L2TP initiated\")  or Reason:(\"NAC-Policy Error\") or Reason:(\"Dynamic Access Policy terminate\")  or Reason:(\"Client type not supported\")  or Reason:(\"Unknown\")",
        "*",
        "Reason:(\"Idle Timeout\") or Reason:(\"Max time exceeded\") or Reason:(\"Port Error\") or Reason:(\"NAS Error\") or Reason:(\"NAS Request\") or Reason:(\"NAS Reboot\") or Reason:(\"Port unneeded\") or Reason:(\"Connection preempted\") or Reason:(\"Port Suspended\") or Reason:(\"Service Unavailable\") or Reason:(\"SA Expired\") or Reason:(\"Bandwidth Management Error\") or Reason:(\"Certificate Expired\") or Reason:(\"Phase 2 Mismatch\") or Reason:(\"Firewall Mismatch\") or Reason:(\"ACL Parse Error\") or Reason:(\"Phase 2 Error\") or Reason:(\"Internal Error\") or Reason:(\"Crypto map policy not found\") or Reason:(\"L2TP initiated\")  or Reason:(\"NAC-Policy Error\") or Reason:(\"Dynamic Access Policy terminate\")  or Reason:(\"Client type not supported\")  or Reason:(\"Unknown\")",
        "Reason:(\"Peer Reconnected\")",
        "Reason:(\"Administrator Reset\") or Reason:(\"Administrator Reboot\") or Reason:(\"Administrator Shutdown\")"
      ],
      "remember": 10,
      "enable": true
    },
    {
      "type": "filtering",
      "collapse": false,
      "notice": true,
      "enable": true
    }
  ],
  "nav": [
    {
      "type": "timepicker",
      "collapse": false,
      "notice": false,
      "status": "Stable",
      "time_options": [
        "5m",
        "15m",
        "1h",
        "2h",
        "6h",
        "12h",
        "24h",
        "2d",
        "7d",
        "30d"
      ],
      "refresh_intervals": [
        "5s",
        "10s",
        "30s",
        "1m",
        "5m",
        "15m",
        "30m",
        "1h",
        "2h",
        "1d"
      ],
      "timefield": "@timestamp",
      "now": true,
      "filter_id": 0,
      "enable": true
    }
  ],
  "loader": {
    "save_gist": false,
    "save_elasticsearch": true,
    "save_local": true,
    "save_default": true,
    "save_temp": true,
    "save_temp_ttl_enable": true,
    "save_temp_ttl": "30d",
    "load_gist": true,
    "load_elasticsearch": true,
    "load_elasticsearch_size": 20,
    "load_local": true,
    "hide": false
  },
  "refresh": false,
  "dash_type": "elasticsearch"
}
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: need help getting geoip up and running

Post by ssax »

There is a difference between yours and mine, use this one:
VPN_Sessions-1456956456742.zip
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: need help getting geoip up and running

Post by benhank »

Still no go. All screens are blank.
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: need help getting geoip up and running

Post by jolson »

benhank,

Is there any chance you'd like to do a remote to pin this down? I think an issue like this one deserves a live session - it'd be a lot easier to hunt down the problems then. Give us an email at customersupport@nagios.com and we'll hook you up! ;)