Generic "could not lookup WHOIS"

joaociocca · August 25, 2017, 5:39pm

I’m putting this on the add-ons section because I think it’s related to the Threat Intel plugin.

Even though graylog’s VMs are allowed to query the whois addresses, I keep getting Could not lookup WHOIS information for error everywhere. But it’s just that, no details about why graylog wasn’t able to perform the loopkup…

Is there a way to get more info? Like, if we’re getting rate limited (as mentioned on Threatintel WHOIS - 50% of country code’s and organizations are “N/A”) or anything else?

And yeah, sorry, I just remembered that I had another similar topic - Graylog WHOIS errors, but that also didn’t solve the problem =( I know, now, that my servers can reach the whois destinations attempted. But there’s still no info on why it failed.

jan · August 28, 2017, 8:32am

Hej @joaociocca

the simple solution is, that your servers are rate limited on the whois servers - that is a resource that is provided by someone else and the person stopped your access.

Feel free to add the issue here that the error messages should be a little more verbose.

The error of the plugin is generic and did not check what is the error messages to provide more information.

regards
Jan

joaociocca · August 28, 2017, 2:06pm

Done! Thanks, @jan

system · September 11, 2017, 2:07pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog WHOIS errors Graylog Add-ons	3	1169	August 22, 2017
Whois Plugin not working Graylog Add-ons pipeline-rules	3	2569	April 21, 2020
Whois lookup table is giving a strange error Graylog Central (peer support)	7	1255	June 20, 2018
"who is" not working for many ips Graylog Central (peer support)	7	1377	March 6, 2019
Whois plugin looking up RFC1918 addresses Graylog Add-ons pipeline-rules	12	3541	January 7, 2019

Generic "could not lookup WHOIS"

Related topics