Dear community,
The ElasticSearch bots, tests and tools in IntelMQ need some maintenance
which I am unable to provide. As ES is a very common tool I am sure that
there is know-how available in the community and we are able to continue
the support for it.
The oldest know issue is a broken unittest:
https://github.com/certtools/intelmq/issues/1480
But there are also incompatibilties with current ElasticSearch version,
e.g. I had problems with the elasticmapper tool using ES 7.6.1 (maybe
easy to fix).
Using 7.5.0 failed on the indices tests
https://github.com/certtools/intelmq/issues/1479
Further, the only supported elasticsearch python library version is
currently 'elasticsearch>=5.0.0,<6.0.0' while the latest release is 7.6.0.
Please consider contributing
best regards
Sebastian
--
// Sebastian Wagner <wagner(a)cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
Hi,
(involving intelmq-dev now so that we can move that discussion to the
developers' list)
Thanks for the hint. That could be a possible replacement. When
analyzing the stat.ripe.net webinterface I also found this endpoint
giving the same result:
https://stat.ripe.net/data/rir-geo/data.json?resource=131.130.254.77
Has anyone a clue why RIPE provides so many different endpoints for the
same data? (With different status which is not properly propagated to
the status code...)
best wishes,
Sebastian
On 3/17/20 10:55 PM, Chris Horsley wrote:
>
> Is this alternative RIPE API endpoint a feasible alternative?
>
> https://stat.ripe.net/data/geoloc/data.json?resource=131.130.254.77/24
>
> Cheers,
>
> Chris
>
> On 18/03/2020 3:14 am, Sebastian Wagner wrote:
>>
>> Hi,
>>
>> I just noticed, that RIPE currently does not provide geolocation
>> information anymore as a result of the MaxMind data license change.
>> That data can/could be queried with the IntelMQ RIPE expert. In case
>> you are still relying on this information, please use another source
>> for geolocation data, like the maxmind geolocation expert and local
>> data. Unfortunately, the returned status code of the API call is 200
>> and the error is only detectable by another field. I am working on
>> changes in the RPIE expert to detect this and raise a warning for it.
>>
>> best regards,
>> Sebastian
>>
>> For example
>> https://stat.ripe.net/data/maxmind-geo-lite/data.json?resource=131.130.254.…
>> says:
>>
>> messages
>> 0
>> 0 "info"
>> 1 "This data is currently unavailable due to maintenance. Please
>> check official announcements for when it will be available again!
>> https://stat.ripe.net/feedback"
>> data_call_status "maintenance - this data call is in maintenance mode"
>>
>> --
>> // Sebastian Wagner <wagner(a)cert.at> - T: +43 1 5056416 7201
>> // CERT Austria - https://www.cert.at/
>> // Eine Initiative der nic.at GmbH - https://www.nic.at/
>> // Firmenbuchnummer 172568b, LG Salzburg
>>
>
--
// Sebastian Wagner <wagner(a)cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg