jthoel
commented
11 years ago when geoip use is turned on, snorby itself goes out to get the file weekly. The process for this is at snorby/lib/snorby/jobs/geoip_updatedb_job.rb .You could follow that script and try and download it yourself. It grabs the URL http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
We have seen issues with our umask where snorby (running as nobody or www) would write the file as root with 600 and nothing could read it. So we added the following in the script to fix that (snorbyapp being our group that has some rights in the folder)
add the following two lines above this line -> FileUtils.mv('tmp/tmp-snorby-geoip.dat', 'config/snorby-geoip.dat', :force => true)
FileUtils.chmod_R('640', 'config/snorby-geoip.dat', :force => true) FileUtils.chown_R('root', 'snorbyapp', 'config/snorby-geoip.dat', :force => true)
I find out that /config/snorby-geoip.dat is missing. How can I get it back?