I need to work with some geoip stuff that is not found in the external mmdb. We have internal IP space that I want to map. I have more than 10,000 subnets located at maybe 300 sites, and growing. Most of these are internal private IP and need to be geoip mapped using a custom process.
I use MySQL DB all the time for tools and have the geoip data available in there. But every Client IP needs to get mapped to pull the correct geoip data. And like I said, that data is Not in the MaxMind file. Is something like this available in NLS? Has anyone come up with a way to see their geoip data that uses private IP address space?
Please let me know if the following URL methodology will work in NLS.
https://www.elastic.co/guide/en/logstas ... tatic.html
I will entertain any serious suggestions.
Thanks
Steve B
geoip mapping of Private IP Address space
-
SteveBeauchemin
- Posts: 524
- Joined: Mon Oct 14, 2013 7:19 pm
geoip mapping of Private IP Address space
XI 5.7.3 / Core 4.4.6 / NagVis 1.9.8 / LiveStatus 1.5.0p11 / RRDCached 1.7.0 / Redis 3.2.8 /
SNMPTT / Gearman 0.33-7 / Mod_Gearman 3.0.7 / NLS 2.0.8 / NNA 2.3.1 /
NSClient 0.5.0 / NRPE Solaris 3.2.1 Linux 3.2.1 HPUX 3.2.1
Re: geoip mapping of Private IP Address space
I'm not aware of anyone trying this before, but the jdbc filter seems like a good fit. I'll have to step through this myself, but the first steps are to install the plugin:
Code:
/usr/local/nagioslogserver/logstash/bin/logstash-plugin install logstash-filter-jdbc_static
and then the config will need to point to the mysql driver which can be downloaded from https://dev.mysql.com/downloads/connector/j/. I changed the permissions with:
Code:
chmod 755 /usr/share/java/mysql-connector-java.jar
The logstash.log has been helpful so far in fixing a couple issues. I would recommend following it while you do your testing:
Code:
tail -f /var/log/logstash/logstash.log
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
SteveBeauchemin
- Posts: 524
- Joined: Mon Oct 14, 2013 7:19 pm
Re: geoip mapping of Private IP Address space
Thanks for those instructions. I think that is the last piece I need to make this work.
I have built all the other parts I need to get all my internal IPs geo-located. All the 10.x, 172.x, and 192.168.x IP spaces that can never be mapped because they exist only on our local LAN. Also the real addresses, and where we use them. I used Microsoft Active Directory as a source of authority for the subnet data, and the sites data. If AD is set up properly, and I believe ours is, you can get a sites list, and map those to coordinates. Then you can tie the Subnets to the site coordinates. Then you just need the last step where you get a client IP and see which Subnet it should map to. That is where SQL comes in as I need to take the client IP, and see if it is on a subnet. Then create the geoip.* data in the log record. Up to that point, gathering the information, has all been external.
The only manual part of this so far has been using a web mapping service (some free web site) to get Longitude and Latitude and tying them to the AD Sites. Entering the street address and getting the coordinates takes a long time. But once you have that you should be able to have fun with maps.
I really did not know that I could add plugins like that. So thank you for providing that insight.
When I finish this, and if it works, I will certainly share. This can be closed if you like. I can start a new thread if I have other questions.
2 thumbs up for you...
Thanks.
Steve B
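The lookup step described in the post above (take a client IP, find the subnet it falls in, emit geoip.* fields), as an added example that is not part of the original thread. It uses Python's built-in sqlite3 so it runs stand-alone; the site names, coordinates, subnets, table layout and geoip.* field names are constructed assumptions.

```python
import ipaddress
import sqlite3

# Constructed sample data: site names, coordinates and subnets are invented.
SITES = [("HQ", 44.98, -93.27), ("Plant-2", 29.76, -95.37)]
SUBNETS = [("10.0.0.0/8", "HQ"), ("10.20.0.0/16", "Plant-2"),
           ("192.168.5.0/24", "Plant-2")]

def build_db():
    """Load sites and subnets; each subnet is stored as an integer range."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sites (name TEXT PRIMARY KEY, lat REAL, lon REAL)")
    db.execute("CREATE TABLE subnets (cidr TEXT, net_start INTEGER, "
               "net_end INTEGER, prefix_len INTEGER, site TEXT)")
    db.executemany("INSERT INTO sites VALUES (?, ?, ?)", SITES)
    for cidr, site in SUBNETS:
        net = ipaddress.ip_network(cidr)
        db.execute("INSERT INTO subnets VALUES (?, ?, ?, ?, ?)",
                   (cidr, int(net.network_address),
                    int(net.broadcast_address), net.prefixlen, site))
    db.execute("CREATE INDEX idx_range ON subnets (net_start, net_end)")
    return db

# Longest-prefix match: of all subnets containing the address, the most
# specific one wins. In MySQL the integer form can come from INET_ATON().
LOOKUP_SQL = """
SELECT s.cidr, s.site, t.lat, t.lon
FROM subnets s JOIN sites t ON t.name = s.site
WHERE ? BETWEEN s.net_start AND s.net_end
ORDER BY s.prefix_len DESC
LIMIT 1
"""

def geoip_for(db, client_ip):
    """Return geoip-style fields for client_ip, or None if unmapped/invalid."""
    try:
        addr = ipaddress.IPv4Address(client_ip)
    except ValueError:
        return None  # not a valid IPv4 address; leave the event untagged
    row = db.execute(LOOKUP_SQL, (int(addr),)).fetchone()
    if row is None:
        return None  # address is outside every known subnet
    cidr, site, lat, lon = row
    # Field names are hypothetical; array-form geo_point is [lon, lat].
    return {"geoip.subnet": cidr, "geoip.site": site,
            "geoip.latitude": lat, "geoip.longitude": lon,
            "geoip.location": [lon, lat]}
```

Returning None for unmapped or malformed addresses keeps the lookup from attaching a wrong site to an event, which matters when the map is used to spot logins from unexpected locations.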
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: geoip mapping of Private IP Address space
Great!
SteveBeauchemin wrote:
Thanks for those instructions. I think that is the last piece I need to make this work.
I have built all the other parts I need to get all my internal IPs geo-located. All the 10.x, 172.x, and 192.168.x IP spaces that can never be mapped because they exist only on our local LAN. Also the real addresses, and where we use them. I used Microsoft Active Directory as a source of authority for the subnet data, and the sites data. If AD is set up properly, and I believe ours is, you can get a sites list, and map those to coordinates. Then you can tie the Subnets to the site coordinates. Then you just need the last step where you get a client IP and see which Subnet it should map to. That is where SQL comes in as I need to take the client IP, and see if it is on a subnet. Then create the geoip.* data in the log record. Up to that point, gathering the information, has all been external.
The only manual part of this so far has been using a web mapping service (some free web site) to get Longitude and Latitude and tying them to the AD Sites. Entering the street address and getting the coordinates takes a long time. But once you have that you should be able to have fun with maps.
I really did not know that I could add plugins like that. So thank you for providing that insight.
When I finish this, and if it works, I will certainly share. This can be closed if you like. I can start a new thread if I have other questions.
2 thumbs up for you...
Thanks.
Steve B
Locking