Auto Update MaxMind Database - Unable to perform f...

rayar · ‎04-25-2021

we have installed the Auto Update MaxMind Database

https://splunkbase.splunk.com/app/5482/

[splunk@ilissplsh01 splunk]$ /opt/splunk/bin/splunk btool limits list --debug | grep "db_path ="
/opt/splunk/etc/apps/AM_all_sh_tuning/local/limits.conf db_path = /opt/splunk/etc/apps/splunk_maxmind_db_auto_update/local/mmdb/GeoLite2-City.mmdb
[splunk@ilissplsh01 splunk]$

the update is failing with the below error

Unable to perform file operations on MaxMind database file. [Errno 20] Not a directory: '/opt/splunk/etc/apps/splunk_maxmind_db_auto_update/local/mmdb/GeoLite2-City.mmdb'

the process is working only in case I remove the /opt/splunk/etc/apps/splunk_maxmind_db_auto_update/local/mmdb/GeoLite2-City.mmdb file manually

how I can automate it ?

Canacker · ‎05-27-2021

The problem is at line 96 of maxmind_db_update_command.py

When the script is trying to look for the tar folder it looks for GeoLite2*

which means it will find the file and the directory. It blocks when it finds the file. Adding an _ after makes sure it finds the directory of the archive.

# Solution

Fix for line 96 :

if filedir.startswith("GeoLite2-City_"):

We will eventually push this modification to the official github repo hopefully they will use this modification for splunkbase.

Auto Update MaxMind Database - Unable to perform file operations on MaxMind database file. [Errno 20] Not a directory: '

administration

configuration

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?