graylog2-server icon indicating copy to clipboard operation
graylog2-server copied to clipboard
verified publisher icon Graylog2

WhoisIpLookup over-reporting errors

Open waab76 opened this issue 1 year ago • 0 comments

Expected Behavior

The WHOIS data adapter should only report 1 error per lookup attempt.

Current Behavior

WHOIS lookups can be redirected many times which the data adapter handles with recursive calls to its run() method. When a lookup attempts results in an IOException (generally due to a timeout), that exception is logged and re-thrown. This means that the exception will be logged for each WHOIS server in the chain of redirects as it works its way back up the call stack.

Possible Solution

Do not re-throw IOExceptions here: https://github.com/Graylog2/graylog2-server/blob/5109d4ba74c7968e8a6958b57b571a44b405b32d/graylog2-server/src/main/java/org/graylog/plugins/threatintel/whois/ip/WhoisIpLookup.java#L129-L131

waab76 avatar Sep 26 '24 21:09 waab76