Add support for GeoIP2-Enterprise database

Question

Add support for GeoIP2-Enterprise database

kvmuralidhar opened this issue 5 years ago · 3 comments

As written in comment to geoip.rb "The path to the GeoLite2 database file which Logstash should use. City and ASN databases are supported.".

Is there a plan to support GeoIP2-Enterprise database?

Thanks
Murali

Answer 1 · 2020-02-05T12:29:39.000Z

Is there a plan to support GeoIP2-Enterprise database?

Answer 2 · 2020-04-12T02:52:39.000Z

Hey @kvmuralidhar!

This plugin already supports MaxMind GeoIP2-Enterprise City and ISP databases. Here is a sample configuration:

geoip {
    source => "requestIPAddress"
    database => "/usr/share/logstash/geoip2/GeoIP2-City.mmdb"
    fields => [ "city_name", "country_code2", "region_name", "location" ]
}
geoip {
    source => "requestIPAddress"
    database => "/usr/share/logstash/geoip2/GeoIP2-ISP.mmdb"
    default_database_type => "ASN"
    fields => [ "isp", "organization", "autonomous_system_organization", "autonomous_system_number" ]
}

Docs reference: https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html#_supported_databases
Full list of fields: https://github.com/logstash-plugins/logstash-filter-geoip/blob/master/src/main/java/org/logstash/filters/Fields.java

Answer 3 · 2020-04-13T13:22:36.000Z

@bcbee,

Thank you for your update. I was looking for support to GeoIP2-Enterprise db since it has additional information for a given ip address.

'connection_type': 'Corporate', 
'domain': 'googlebot.com', 
'user_type': 'search_engine_spider'