aws-samples / siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
MIT No Attribution

GEO IP maps & external APIs not working after deployment #402

Closed redxking closed 11 months ago

redxking commented 12 months ago

Last week I deployed this application. I was able to get everything working. In the last couple of days I redeployed from scratch, and now neither the GeoIP database nor the AlienVault database seems to be populating on any of the dashboards. Is there a place where I can check? I have reviewed the CloudFormation stack and everything deployed successfully, and the API keys are in there.

nakajiak commented 12 months ago

GEO IP and IOC are downloaded by a Lambda function. Can you see /aws/lambda/aes-siem-geoip-downloader in CloudWatch Logs? Is there any difference between when things were going well and now? If not, see this log, /aws/lambda/aes-siem-es-loader. Can you find "downloading GeoLite2-City.mmdb was success" at the beginning?

nakajiak commented 11 months ago

If you still have the issue, let me know.

ewinrahman commented 6 months ago

Hi @nakajiak, I'm a bit lost here. How does the geoip-downloader function actually work? I'm not able to find the guide in this repo (or I haven't looked deeper). I've put the MaxMind license key under the environment variable and specified which field to look up in the user.ini file, yet the CloudWatch logs are still showing that the .mmdb file is not found. P.S. I only recently added the license (barely 2-3 hours ago) and noticed that the geoip-downloader function is running on a fixed 12-hour rate. I assume I need to wait for the next cycle to get the mmdb downloaded? Thanks