On 11/16/2011 2:14 PM, Mark D. Nagel wrote:
> On 11/16/2011 7:45 AM, Karl Oulmi wrote:
>
>> I just made a fresh install of nfsen on a freebsd box. Everything
>> works great except when I click on a IP address to do a nslookup/whois.
>>
>> I have the following message in the pop-up :
>>
>> "Can't connect to whoisd: IO::Socket::INET: connect: Connection refused"
>>
>> If anyboby could help me, It would be nice.
> The site that used to provide that service only provides a web-based
> version now, not WHOIS-based. They provide their source code for the
> WHOIS server (http://www.fr2.cyberabuse.org/whois/?page=downloads),
> though, so I just built my own instance and pointed our installs at that
> server by copying libexec/Lookup.pm to libexec/Lookup_site.pm and
> changing the whois_socket setup in the code. It would be nice to get
> that changed upstream to something suitable, but that works for now.
> Shouldn't be terribly hard to change the code to use HTTP rather than
> WHOIS I'd think.
And, to be sure this is working, I tested it and found it is NOT
working. Traced to this in LoadPlugins:
if ( scalar @NfConf::plugins == 0 ) {
return;
}
For some reason, even if you are just trying to overload the
Lookup::Lookup with Lookup_site::Lookup, you _have_ to also enable a
plugin in @plugins. That seems unnecessary, but I enabled the default
demoplugin and now I see:
Nov 16 14:52:56 mindseye nfsen[11848]: Found site specific lookup module
And, clicking on an IP is now producing lookup results. I definitely
think that should be separated from the plugin logic, though... Note
also, you have to copy Lookup.pm to Lookup_site.pm and change both the
code I mentioned as well as change the package from Lookup to
Lookup_site to make that work.
Regards,
Mark
--
Mark D. Nagel, CCIE #3177 <[email protected]>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-495-4001, fax: 949-623-9854
** For faster support response time, please
** email [email protected] or call 714-495-4000
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
