Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to set STRM to use whois server for IP ownership checks

0

0

Article ID: KB15674 KB Last Updated: 25 Jun 2010Version: 2.0
Summary:
STRM is capable of doing whois lookups.  According to the STRM Users Guide, WHOIS Lookup Searches for the registered owner of a remote IP address. The default system server is whois.crsnic.net.

Symptoms:
Setting the WHOIS server to something other than the default is unclear.

Solution:
There is a line, WHOISSERVER=,  at the bottom of the nva.conf file in the following three locations:
/opt/qradar/conf/nva.conf
/store/configservices/staging/globalconfig/nva.conf
/store/configservices/deployed/globalconfig/nva.conf

Set that line to point to the internal server and then deploy changes:
WHOISSERVER=your.whois.server.com

This will set the local server to be used first. However, if a result is not returned from the local server, then the search will use whois.arin.net.

If the customer does not want the search to go to the external whois server, they will either have to block it at a firewall, or edit the hosts file on the STRM box to point whois.arin.net to a local address.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search