pwnlandia / mhn

Modern Honey Network
GNU Lesser General Public License v2.1

Python errors in Splunk logs #818

Closed codemonkeystuff closed 3 years ago

codemonkeystuff commented 3 years ago

I keep getting the following logs in Splunk. Any leads on how to resolve this?

```
invalid message {"sensor": "653ba2d4-0cde-11ec-b5d4-b306fa579561", "timestamp": "2021/10/13 15:40:16.439927", "header": "1:2010936:3", "classification": 3, "priority": 2, "signature": "ET SCAN Suspicious inbound to Oracle SQL port 1521", "proto": "TCP", "source_port": 54908, "destination_port": 1521, "source_ip": "10.115.36.142", "destination_ip": "10.104.75.3", "ttl": 248, "tos": 104, "id": 0, "iplen": 65536, "dgmlen": 64, "ethsrc": "Redacted", "ethdst": “Redacted”, "ethtype": "0x800", "ethlen": "0x4E", "tcpseq": "0xC450577C", "tcpack": "0x0", "tcpwin": "0xFFFF0000", "tcplen": 44, "tcpflags": "**S*"}
Traceback (most recent call last):
  File "/opt/hpfeeds/examples/geoloc/geoloc.py", line 86, in on_message
    m = p(identifier, payload, gi)
  File "/opt/hpfeeds/examples/geoloc/processors.py", line 108, in snort_alerts
    return create_message('snort.alerts', identifier, gi, src_ip=dec.source_ip, dst_ip=dec.destination_ip)
  File "/opt/hpfeeds/examples/geoloc/processors.py", line 162, in create_message
    geo = gi.city(src_ip)
  File "/opt/hpfeeds/env/lib/python2.7/site-packages/geoip2/database.py", line 114, in city
    return self._model_for(geoip2.models.City, 'City', ip_address)
  File "/opt/hpfeeds/env/lib/python2.7/site-packages/geoip2/database.py", line 194, in _model_for
    (record, prefix_len) = self._get(types, ip_address)
  File "/opt/hpfeeds/env/lib/python2.7/site-packages/geoip2/database.py", line 190, in _get
    "The address %s is not in the database." % ip_address)
AddressNotFoundError: The address 10.115.36.142 is not in the database.
```

d1str0 commented 3 years ago

https://www.arin.net/reference/research/statistics/address_filters/

10.x.x.x addresses are all internally addressed IPs, so you won't be able to geolocate them, as this error is mentioning it's trying to do.
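One way to keep such alerts from being logged as invalid is to skip the GeoIP lookup for addresses that are not globally routable. This is an added example, not code from MHN or hpfeeds; it assumes Python 3, and `is_geolocatable`, `safe_city`, `enrich`, `fake_lookup` and `AddressNotFound` are hypothetical names, with `fake_lookup` standing in for the `gi.city` call in the traceback.

```python
import ipaddress


class AddressNotFound(Exception):
    """Stand-in for the GeoIP reader's 'not in the database' error (assumption)."""


def is_geolocatable(ip):
    """True only for syntactically valid, globally routable addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # empty, redacted or malformed field
    # is_global is False for RFC 1918 space (10/8, 172.16/12, 192.168/16),
    # loopback, link-local, CGNAT (100.64/10) and other reserved ranges.
    return addr.is_global


def safe_city(lookup, ip):
    """Call lookup(ip) only when it can succeed; return None otherwise."""
    if not is_geolocatable(ip):
        return None
    try:
        return lookup(ip)
    except AddressNotFound:
        return None  # public address that the database does not cover


def enrich(alert, lookup):
    """Copy the alert and attach geo data (or None) for both endpoints."""
    out = dict(alert)
    for field in ("source_ip", "destination_ip"):
        out[field + "_geo"] = safe_city(lookup, alert.get(field, ""))
    return out


# Constructed placeholder database; the record content is not real geo data.
FAKE_DB = {"8.8.8.8": {"city": "placeholder"}}


def fake_lookup(ip):
    """Hypothetical replacement for gi.city() so the example runs offline."""
    if ip not in FAKE_DB:
        raise AddressNotFound("The address %s is not in the database." % ip)
    return FAKE_DB[ip]


# Constructed alert using the two addresses from the log line in the issue.
SAMPLE_ALERT = {"source_ip": "10.115.36.142", "destination_ip": "10.104.75.3"}
```

With this guard the alert from the issue is still forwarded, with both geo fields set to `None` instead of raising inside the message handler.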