Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maxmind GeoLite Database No Longer Available #2

Open
jeffh-cloudflare opened this issue May 21, 2021 · 1 comment
Open

Maxmind GeoLite Database No Longer Available #2

jeffh-cloudflare opened this issue May 21, 2021 · 1 comment

Comments

@jeffh-cloudflare
Copy link

Upon start of the Docker container, the following message is displayed:

geolite.maxmind.com not found

After performing an nslookup, I found that the fully qualified domain no longer exists. Maxmind has an article on their website that speaks to this and states they discontinued the original GeoLite database offering. It's been replaced with GeoLite2. Access to the GeoLite2 database does require registration and authentication.

GeoLite Legacy databases are now discontinued
https://support.maxmind.com/geolite-legacy-discontinuation-notice/

GeoLite2 Free Geolocation Data
https://dev.maxmind.com/geoip/geoip2/geolite2/

GeoIP2 Downloadable Databases
https://dev.maxmind.com/geoip/geoip2/downloadable/

I am in the process of trying to figure out how to upgrade your container instance to utilize the updated Maxmind GeoLite2 database and will add more to this issue when I determine the best course of action.
@jeffh-cloudflare
Copy link
Author

jeffh-cloudflare commented May 21, 2021
edited
Loading

I found there's a GeoLite2-City.mmdb file in the root of the container that is 0 bytes. When the Docker container starts, it fails to download the database from the original URL. There's a process that involves LogStash looking for the database. Since the file is empty, it causes LogStash to fail to start. You can log into the browser interface, but the cloudflare index is not present and none of the elements in the dashboard function as expected.

[2021-05-21T23:27:47,438][ERROR][logstash.agent ] An exception happened when converging configuration {:exception=>LogStash::Error, :message=>"Don't know how to handle Java::JavaLang::IllegalStateException for PipelineAction::Create<main>"}

[2021-05-21T23:27:47,454][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<LogStash::Error: Don't know how to handle Java::JavaLang::IllegalStateException for PipelineAction::Create<main>>, :backtrace=>["org/logstash/execution/ConvergeResultExt.java:129:in create'", "org/logstash/execution/ConvergeResultExt.java:57:in add'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:402:in `block in converge_state'"]}

[2021-05-21T23:27:47,478][FATAL][org.logstash.Logstash ] Logstash stopped processing because of an error: (SystemExit) exit

This can be resolved by creating an account on the MaxMind website, generating a license key, then replacing the current curl command in /scripts/pre-start.sh:

curl http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz | gunzip > /GeoLite2-City.mmdb

With the following:

curl https://download.maxmind.com/app/geoip_download\?edition_id\=GeoLite2-City\&license_key\=YOUR_LICENSE_KEY\&suffix\=tar.gz | gunzip > /GeoLite2-City.mmdb

The \ escape characters are required, otherwise the curl will fail with an error stating the MaxMind license key is invalid.

Unfortunately, the 'cloudflare=*' index is still not available, even after doing this, so the dashboard is still empty and Kibana refuses to display any data.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jeffh-cloudflare