Auto Update MaxMind Database - Unable to perform f...

rayar · ‎04-25-2021

we have installed the Auto Update MaxMind Database

https://splunkbase.splunk.com/app/5482/

[splunk@ilissplsh01 splunk]$ /opt/splunk/bin/splunk btool limits list --debug | grep "db_path ="
/opt/splunk/etc/apps/AM_all_sh_tuning/local/limits.conf db_path = /opt/splunk/etc/apps/splunk_maxmind_db_auto_update/local/mmdb/GeoLite2-City.mmdb
[splunk@ilissplsh01 splunk]$

the update is failing with the below error

Unable to perform file operations on MaxMind database file. [Errno 20] Not a directory: '/opt/splunk/etc/apps/splunk_maxmind_db_auto_update/local/mmdb/GeoLite2-City.mmdb'

the process is working only in case I remove the /opt/splunk/etc/apps/splunk_maxmind_db_auto_update/local/mmdb/GeoLite2-City.mmdb file manually

how I can automate it ?

Canacker · ‎05-27-2021

The problem is at line 96 of maxmind_db_update_command.py

When the script is trying to look for the tar folder it looks for GeoLite2*

which means it will find the file and the directory. It blocks when it finds the file. Adding an _ after makes sure it finds the directory of the archive.

# Solution

Fix for line 96 :

if filedir.startswith("GeoLite2-City_"):

We will eventually push this modification to the official github repo hopefully they will use this modification for splunkbase.

Auto Update MaxMind Database - Unable to perform file operations on MaxMind database file. [Errno 20] Not a directory: '

administration

configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation