000030876 - How to Check if Geoip Data is Correctly Configured in AAOP

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000030876
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 6.x /7.1 
IssueHow to check Geoip data is correctly configured in AAOP and updated successfully in the AA Environment.
ResolutionKindly follow the below steps and configuration:
1.Please verify the few parameter values in the back office should be provided for location under 'External data Providers' general tab: 
Staging, Database and Archive directory. (For Example ,screen print attached). 

Save & Publish the changes.

2. Copy the new geoip file to location under your /rsa/<geoip>/staging directory , For example: the same location as given in BackOffice /rsa/geoip/staging
[ Please Note: The next analyze call received by AAOP will load the new geoip to the memory and copy it to the /rsa/geoip/database directory ]

3.Check to see if the .dat file is loaded in your database. 
For example: to check 'geoip_MAXMIND_90.dat' is uploaded
Go to your database and open the Core database table GEN_CONFIG_PARAM_VALUE.

 Run the below SQL query:


4.Check and copy the row for 'Gen_config_param_id' column value of this corresponding .dat file 
5.Go to GEN_CONFIG_PARAM, search the above Gen_config_param_id taken from point 4. and verify it under 'ID column' in GEN_CONFIG_PARAM Table
6.Verify the corresponding row ‘Active_data_file’ which should be equal to '1'
7. Verify the health check and the system aa_server logs. 
It should be working fine if system has no additional issues.

NotesSteps to troubleshoot if GeoIP fails to load:
  1. Verify that Customer's JVM is configured with enough memory to load the Maxmind GeoIP data, approximately 500-600 Mb of permgen heap space.
  2. Verify the content and version information in the "active.properties" file under /geoip/database directory.  Even though this file is deprecated according to RSA documentation, it may still be affecting the successful loading of the new file.
  3. After completing steps 1 & 2 above, repeat steps 3-7 in the resolution section.