All Apps and Add-ons

How do you update the OUI data?

ron_ogle
Engager

I installed this App back in February. Soon afterwards, I was seeing that some of my lookups came back blank. I thought that this app did a lookup from the IEEE server. I found out that is not how it works. The underlying Python netaddr module downloads the OUI text file from IEEE during the build process of the module, and then uses that netaddr/eui/oui.txt file for all lookups.

That means that as soon as this App is built and published to Splunkbase, the oui.txt file is already getting stale. I temporarily fixed the issue by downloading the Python netaddr module source, ungzipp'd and untar'd the source in /tmp, and did a "make downloads" in the temporary directory. This will do 2 things. It will use wget to download the oui.txt and iab.txt files from IEEE. Second it will call the ieee.py file to create an index for each of the txt files. Lastly, I copied the txt and idx files into the Splunk App directory: $SPLUNK_HOME/etc/apps/TA-macvendor/bin/netadd/eui directory.

What should happen is the author or someone (maybe me) should create a helper Python script that runs on a periodic basis that does what the makefile does. That way these files will be updated on a regular basis.

jtrujillo
Path Finder

Great idea.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...