Logstash GeoIP Update Ubuntu 20.04

(if you want to manage the database updates yourself)

1. Install geoipupdate

apt install geoipupdate

Register an account at MaxMind and obtain the API keys (download the sample file)
https://dev.maxmind.com/geoip/geoipupdate/

2. Edit the file.

/etc/GeoIP.conf

3. Run the update manually.

/usr/bin/geoipupdate -v

Using config file /etc/GeoIP.conf
Using database directory /var/lib/GeoIP
Acquired lock file lock (/var/lib/GeoIP/.geoipupdate.lock)
Performing get filename request to https://updates.maxmind.com/app/update_getfilename?product_id=GeoLite2-ASN
Calculated MD5 sum for /var/lib/GeoIP/GeoLite2-ASN.mmdb: a09dd1425a4b2a8e4c0cd11728b27039
Performing update request to https://updates.maxmind.com/geoip/databases/GeoLite2-ASN/update?db_md5=a09dd1425a4b2a8e4c0cd11728b27039
No new updates available for GeoLite2-ASN
Performing get filename request to https://updates.maxmind.com/app/update_getfilename?product_id=GeoLite2-City
Calculated MD5 sum for /var/lib/GeoIP/GeoLite2-City.mmdb: b0186eaac862d6bdac9a0f8781becc39
Performing update request to https://updates.maxmind.com/geoip/databases/GeoLite2-City/update?db_md5=b0186eaac862d6bdac9a0f8781becc39
No new updates available for GeoLite2-City
Performing get filename request to https://updates.maxmind.com/app/update_getfilename?product_id=GeoLite2-Country
Calculated MD5 sum for /var/lib/GeoIP/GeoLite2-Country.mmdb: 5efbd72017a294186e9fed4551cf464c
Performing update request to https://updates.maxmind.com/geoip/databases/GeoLite2-Country/update?db_md5=5efbd72017a294186e9fed4551cf464c
No new updates available for GeoLite2-Country

4. Edit the Logstash config

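# IP to City
filter {
  geoip {
    source => "ip"                                    # event field holding the IP address
    add_tag => [ "geoip" ]                            # added when the lookup succeeds
    tag_on_failure => [ "geoip_ip_failure" ]          # added when the lookup fails
    database => "/var/lib/GeoIP/GeoLite2-City.mmdb"   # file maintained by geoipupdate
  }
}

# IP To ASN
filter {
  geoip {
    source => "ip"                                    # event field holding the IP address
    add_tag => [ "geoip" ]                            # added when the lookup succeeds
    tag_on_failure => [ "geoip_ip_failure" ]          # added when the lookup fails
    database => "/var/lib/GeoIP/GeoLite2-ASN.mmdb"    # file maintained by geoipupdate
  }
}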
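
An added example (not part of the original post): a pre-flight check to run after step 3 and before restarting Logstash, confirming that the two databases the filters reference exist, are readable and recent, and that /etc/GeoIP.conf (which holds the MaxMind license key) is not accessible to other users. The paths are the ones shown above; the function names, the script name and the 14-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check geoipupdate output before Logstash loads it.
# Paths come from this page; the 14-day staleness limit is an assumption.

# Print the age of a file in whole days, from its mtime (GNU stat, as on Ubuntu).
db_age_days() (
  now=$(date +%s)
  mtime=$(stat -c %Y "$1" 2>/dev/null) || exit 1
  echo $(( (now - mtime) / 86400 ))
)

# Succeed only if the file exists and "other" has no permission bits set.
conf_is_private() (
  mode=$(stat -c %a "$1" 2>/dev/null) || exit 1
  case "$mode" in *0) exit 0 ;; *) exit 1 ;; esac
)

# Check the config and both databases used by the Logstash filters.
# Prints one line per finding and returns the number of problems (0 = good).
check_geoip() (
  dir=$1 conf=$2 max_days=$3 problems=0
  if ! conf_is_private "$conf"; then
    echo "WARN $conf is missing or accessible to other users"
    problems=$((problems + 1))
  fi
  for edition in GeoLite2-City GeoLite2-ASN; do
    db="$dir/$edition.mmdb"
    # -r tests the current user, so run this as the user Logstash runs as.
    if [ ! -r "$db" ]; then
      echo "FAIL $db is missing or unreadable"; problems=$((problems + 1))
    elif [ "$(db_age_days "$db")" -gt "$max_days" ]; then
      echo "WARN $db is older than $max_days days"; problems=$((problems + 1))
    else
      echo "OK   $db"
    fi
  done
  exit "$problems"
)

# Usage: sh geoip-check.sh /var/lib/GeoIP /etc/GeoIP.conf 14
if [ "$#" -eq 3 ]; then check_geoip "$@"; fi
```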

====

References

https://dev.maxmind.com/geoip/updating-databases

https://github.com/maxmind/geoipupdate


===

Harisfazillah Jamel

20211010
