I ran into this when using the Docker version of Zeek that is included with RITA.
cbrenton@demo:~/xenorat$ zeek readpcap xenorat.pcap ~/xenorat/
Starting the Zeek docker container
Zeek logs will be saved to /home/cbrenton/xenorat
1716476702.222595 error in /usr/local/zeek/share/zeek/policy/protocols/ssh/geo-data.zeek, line 30: Failed to open GeoIP location database (lookup_location(SSH::lookup_ip))
cbrenton@demo:~/xenorat$
So it looks like Zeek is configured to do a lookup on the source, but the geo data is not available. We can probably get away with just disabling this option.
I ran into this when using the Docker version of Zeek that is included with RITA.
So it looks like Zeek is configured to do a lookup on the source, but the geo data is not available. We can probably get away with just disabling this option.