Continuing the discussion from How does geoIP for private IPaddresses work?:
- The idea #1 of correlating IPs is difficult to implement because the public ones change dynamically.
- The idea #2: I need the range of IPs: 10.x.x.x and latitude and longitude (I am going to use the ones of this example: Creating geoip data for internal networks).
MACHINE
I have Kibana 6.8.2 installed in a virtual machine. I have some "static" logs. I call them static because this is a machine for running tests and the logs were inserted for that use. This machine does not receive real-time data.
LOGS
From January 1, 2019 to May 31, 2019.
Logs of a corporate social network: humhub
In the field "host", there are the private IP addresses which I want to be able to see in a Map (GeoIP).
I have followed this tutorial: How To Map User Location with GeoIP and ELK (Elasticsearch, Logstash, and Kibana)
I do not have the "11-nginx-filter.conf" file. Probably because I am using a VM.
Do I need to configure Logstash if I am using a VM?
filter {
  if [type] == "nginx-access" {
    grok {
      match => { "message" => "%{NGINXACCESS}" }
    }
    geoip {
      source => "clientip"
    }
  }
}
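
One way to implement idea #2, as an added example that is not part of the original post: the Logstash cidr filter matches the private address in "host" against internal ranges and attaches fixed coordinates. The /16 networks, coordinates and site names are constructed sample values, and the example assumes the target index maps geoip.location as a geo_point.

```logstash
filter {
  # Constructed sample site: replace the network and coordinates with real ones.
  cidr {
    address   => [ "%{host}" ]
    network   => [ "10.1.0.0/16" ]
    add_field => {
      "[geoip][location][lat]" => "40.4168"
      "[geoip][location][lon]" => "-3.7038"
      "[geoip][city_name]"     => "Office A (constructed)"
    }
  }

  # Second constructed sample site.
  cidr {
    address   => [ "%{host}" ]
    network   => [ "10.2.0.0/16" ]
    add_field => {
      "[geoip][location][lat]" => "41.3874"
      "[geoip][location][lon]" => "2.1686"
      "[geoip][city_name]"     => "Office B (constructed)"
    }
  }

  if [geoip][location] {
    # add_field writes strings; convert them so lat/lon are numeric.
    mutate {
      convert => {
        "[geoip][location][lat]" => "float"
        "[geoip][location][lon]" => "float"
      }
    }
  } else {
    # Address matched no known internal range: tag it for review
    # instead of leaving the event silently without a location.
    mutate { add_tag => [ "_internal_geo_unmapped" ] }
  }
}
```

Events that were indexed before this filter existed keep their old fields, so the static logs have to be re-ingested through Logstash for the coordinates to appear.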