Drop_update


L2 Linker

Hi,

 

I've just created a new node and I'm seeing events such as DROP_UPDATE on the aggregator type.

 

My miner has the whole domain list, but the aggregator has this message with "drop_update". Do you know why???

 

Thanks a lot

 

5 REPLIES 5

L7 Applicator

Hi @SantiBT,

Where do you see the DROP_UPDATE? In the processor node? Could you give more details about the types of nodes used in the graph and how they are connected together?

Hi Imori,

 

Yes, it is on the aggregator processor; you can see it in the logs:

 

 TEST-aggr-TEST DROP_UPDATE 0.0.0.0 confidence: 80 share_level: red sources: ["test.ipsrc"] first_seen: 1488466915898 type: ipv4 last_seen: 1488466915898 source_node: TEST-IP-TEST

 

 TEST-aggr-TEST DROP_UPDATE 0.0.0.0 confidence: 80 share_level: red sources: ["test.ipsrc"] first_seen: 1488466915898 type: ipv4 last_seen: 1488466915898 source_node: TEST-IP-TEST

 

My node is configured like so:

 

CLASS: minemeld.ft.http.HttpFT
INDICATOR TYPES: IPv4, IPv6
TAGS:
CONFIG:
    attributes:
        confidence: 80
        share_level: red
        type: ipv4
    delimeter: #
    fieldnames:
        indicator
    ignore_regex: ^#
    interval: 3600
    source_name: test.ipsrc
    url: http://test.server.local/ip-test.txt

My aggregator config is:

 

CLASS: minemeld.ft.ipop.AggregateIPv4FT
INDICATOR TYPES: IPv4
TAGS: None
CONFIG:
    infilters:
        NAME              | CONDITIONS              | ACTIONS
        accept withdraws  | __method == 'withdraw'  | accept
        accept IPv4       | type == 'IPv4'          | accept
        drop all          |                         | drop
    whitelist_prefixes:
        wl

I can see the IPs perfectly on my node, but it's impossible to see these IPs on the aggregator; I always see this message "DROP_UPDATE".

 

Do you know why??

 

 

Thanks!

Hi @SantiBT,

The problem is in the prototype of the Miner: ipv4 should be IPv4.

 

 

**bleep**!!!!

 

hahahahaha

 

Sorry, I'm stupid.

 

Thanks a lot!!!

You are welcome!
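The diagnosis in this thread, as an added example that is not MineMeld code and not from any poster: a simplified Python model of the aggregator's infilter chain showing why `type: ipv4` ends in DROP_UPDATE, plus a small check for case-only mismatches. It assumes rules are tried in order with the first match winning and reduces conditions to exact, case-sensitive equality; `evaluate` and `lint_type` are hypothetical names.

```python
# Simplified model of an ordered infilter chain (assumption: first match wins).
# Not MineMeld code: conditions are reduced to exact, case-sensitive equality.

INFILTERS = [  # mirrors the aggregator config posted in the thread
    {"name": "accept withdraws", "conditions": {"__method": "withdraw"}, "action": "accept"},
    {"name": "accept IPv4", "conditions": {"type": "IPv4"}, "action": "accept"},
    {"name": "drop all", "conditions": {}, "action": "drop"},
]


def evaluate(filters, method, value):
    """Return (action, rule name) for the first rule whose conditions all match."""
    fields = dict(value)
    fields["__method"] = method
    for rule in filters:
        if all(fields.get(k) == v for k, v in rule["conditions"].items()):
            return rule["action"], rule["name"]
    return "accept", None  # assumption: with no matching rule nothing drops the update


def lint_type(filters, miner_attributes):
    """Flag a miner 'type' that no accept rule matches, noting case-only differences."""
    miner_type = miner_attributes.get("type")
    accepted = {r["conditions"]["type"] for r in filters
                if r["action"] == "accept" and "type" in r["conditions"]}
    if miner_type in accepted:
        return None
    for candidate in sorted(accepted):
        if isinstance(miner_type, str) and candidate.lower() == miner_type.lower():
            return "type %r will not match filter value %r (case differs)" % (miner_type, candidate)
    return "type %r is not accepted by any filter" % (miner_type,)


# Constructed sample values, taken from the log line and miner config in the thread.
posted = {"type": "ipv4", "confidence": 80, "share_level": "red", "sources": ["test.ipsrc"]}
fixed = dict(posted, type="IPv4")

if __name__ == "__main__":
    print(evaluate(INFILTERS, "update", posted))    # falls through to 'drop all'
    print(evaluate(INFILTERS, "update", fixed))     # matched by 'accept IPv4'
    print(evaluate(INFILTERS, "withdraw", posted))  # withdraws are accepted first
    print(lint_type(INFILTERS, posted))
```

Because a dropped update never reaches the output feed, a case mismatch like this leaves the indicators out of any blocklist built from the aggregator, so running such a check before committing a new miner prototype catches the gap early.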
