All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do you update the OUI data?

ron_ogle
Engager
‎04-07-2018 03:41 PM

I installed this App back in February. Soon afterwards, I was seeing that some of my lookups came back blank. I thought that this app did a lookup from the IEEE server. I found out that is not how it works. The underlying Python netaddr module downloads the OUI text file from IEEE during the build process of the module, and then uses that netaddr/eui/oui.txt file for all lookups.

That means that as soon as this App is built and published to Splunkbase, the oui.txt file is already getting stale. I temporarily fixed the issue by downloading the Python netaddr module source, ungzipp'd and untar'd the source in /tmp, and did a "make downloads" in the temporary directory. This will do 2 things. It will use wget to download the oui.txt and iab.txt files from IEEE. Second it will call the ieee.py file to create an index for each of the txt files. Lastly, I copied the txt and idx files into the Splunk App directory: $SPLUNK_HOME/etc/apps/TA-macvendor/bin/netadd/eui directory.

What should happen is the author or someone (maybe me) should create a helper Python script that runs on a periodic basis that does what the makefile does. That way these files will be updated on a regular basis.

Reply

jtrujillo
Path Finder
‎07-10-2018 07:46 AM

Great idea.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...