geoip accuracy question
Posted: Wed Apr 22, 2020 12:59 pm
by benhank
Hey guys, how do I verify that the geoip plugin is updated with the latest geoip data?
A question arose regarding the accuracy of the geoip maps that I created, and I suddenly realized that I don't actually know how accurate it is nor do I know how to check.
Re: geoip accuracy question
Posted: Wed Apr 22, 2020 5:05 pm
by jdunitz
Well, the files that ship with the Logserver are kind of old:
Code:
[root@jpd-nagiosls2 vendor]# pwd
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-2.0.7/vendor
[root@jpd-nagiosls2 vendor]# ls -l
total 21404
-rwxrwxr-x. 1 nagios nagios 3545918 Jan 28 15:23 GeoIPASNum-2014-02-12.dat
-rwxrwxr-x. 1 nagios nagios 18370259 Jan 28 15:23 GeoLiteCity-2013-01-18.dat
[root@jpd-nagiosls2 vendor]#
You could download newer ones and replace them, however. If accuracy is your concern, that would be a good idea.
Hope that's helpful!
--Jeffrey
Re: geoip accuracy question
Posted: Thu Apr 23, 2020 1:41 pm
by benhank
THANKS
Re: geoip accuracy question
Posted: Thu Apr 23, 2020 2:04 pm
by benhank
but how do I do that?
Re: geoip accuracy question
Posted: Thu Apr 23, 2020 5:04 pm
by jdunitz
The safest thing to do is to go to
https://dev.maxmind.com/geoip/geoip2/geolite2/
and sign up to download the latest file.
Then you can write a new filter that points to the new file, wherever you want to put it:
Code:
geoip {
  source => 'clientip'
  database => "/path/to/the/GeoLite2-City.mmdb"
}
More info is here:
https://www.elastic.co/guide/en/logstas ... geoip.html
You could also move the current file out of that directory (but keep it just in case...), put the new file in its place, and restart logstash.
I don't know that that's 100% compatible with the version of the code that loads it, though. It should be, but it may not be.
Hope that's clearer.
--Jeffrey
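One way to check how old the GeoIP data is, as an added example that is not part of the thread and not Nagios or MaxMind code: it reads the `build_epoch` field from the metadata of a `.mmdb` file and, for the legacy `.dat` files, falls back to the date in the file name as seen in the listing earlier in the thread. The function names and the 30-day staleness threshold are assumptions.

```python
import datetime, os, re, sys

MMDB_MARKER = b"\xab\xcd\xefMaxMind.com"      # precedes the metadata map in every .mmdb file
EPOCH_KEY = b"\x4bbuild_epoch"                # 11-byte UTF-8 string key inside that map
NAME_DATE = re.compile(r"-(\d{4})-(\d{2})-(\d{2})\.dat$")  # GeoLiteCity-2013-01-18.dat

def mmdb_build_date(tail):
    """Build date recorded in MMDB metadata, or None if this is not an .mmdb file."""
    start = tail.rfind(MMDB_MARKER)
    key = tail.find(EPOCH_KEY, start) if start >= 0 else -1
    if key < 0:
        return None
    pos = key + len(EPOCH_KEY)
    if pos + 2 > len(tail):
        return None
    size = tail[pos] & 0x1F
    # build_epoch is a uint64: control byte has type bits 000, next byte is 9 - 7 = 2
    if tail[pos] >> 5 != 0 or tail[pos + 1] != 2 or size > 8 or pos + 2 + size > len(tail):
        return None
    epoch = int.from_bytes(tail[pos + 2:pos + 2 + size], "big")
    return datetime.datetime.fromtimestamp(epoch, datetime.timezone.utc).date()

def db_data_date(path):
    """Date of the data itself; file mtime is ignored because it only shows install time."""
    with open(path, "rb") as fh:
        fh.seek(0, os.SEEK_END)
        fh.seek(max(0, fh.tell() - 128 * 1024 - len(MMDB_MARKER)))  # metadata is <= 128 KiB
        built = mmdb_build_date(fh.read())
    if built:
        return built
    m = NAME_DATE.search(os.path.basename(path))
    return datetime.date(*map(int, m.groups())) if m else None

def age_report(paths, today, max_age_days=30):  # 30 days is an assumed threshold
    """Map file name -> (data date, age in days, stale?); an unknown date counts as stale."""
    report = {}
    for path in paths:
        when = db_data_date(path)
        age = (today - when).days if when else None
        report[os.path.basename(path)] = (when, age, age is None or age > max_age_days)
    return report

if __name__ == "__main__":
    for name, (when, age, stale) in age_report(sys.argv[1:], datetime.date.today()).items():
        print(f"{name}: data date {when}, {age} days old, {'STALE' if stale else 'ok'}")
```

Run it with the database paths as arguments, for example the files in the plugin's `vendor` directory or the new `GeoLite2-City.mmdb`.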
Re: geoip accuracy question
Posted: Fri Apr 24, 2020 11:46 am
by benhank
Hey thanks! I appreciate the help! You can lock it up!
Re: geoip accuracy question
Posted: Fri Apr 24, 2020 1:05 pm
by scottwilkerson
benhank wrote: Hey thanks! I appreciate the help! you can lock it up!
great
Locking