Generic "could not lookup WHOIS"


(João Ciocca) #1

I’m putting this on the add-ons section because I think it’s related to the Threat Intel plugin.

Even though graylog’s VMs are allowed to query the whois addresses, I keep getting Could not lookup WHOIS information for error everywhere. But it’s just that, no details about why graylog wasn’t able to perform the loopkup…

Is there a way to get more info? Like, if we’re getting rate limited (as mentioned on Threatintel WHOIS - 50% of country code’s and organizations are “N/A”) or anything else?

And yeah, sorry, I just remembered that I had another similar topic - Graylog WHOIS errors, but that also didn’t solve the problem =( I know, now, that my servers can reach the whois destinations attempted. But there’s still no info on why it failed.


(Jan Doberstein) #2

Hej @joaociocca

the simple solution is, that your servers are rate limited on the whois servers - that is a resource that is provided by someone else and the person stopped your access.

Feel free to add the issue here that the error messages should be a little more verbose.

The error of the plugin is generic and did not check what is the error messages to provide more information.

regards
Jan


(João Ciocca) #3

Done! Thanks, @jan
https://github.com/Graylog2/graylog-plugin-threatintel/issues/50


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.