Discuss the Elastic Stack

External file for match

Elastic Stack Logstash

Alexander_Orlenko (Alexander Orlenko) August 29, 2017, 10:08am 1

Hello,

We analise syslog msg from dhcpd daemon.
And want use GeoIP, but we use internal ip addresses.
How match internal ip or host name to City.

For example,
@timestamp August 29th 2017, 12:39:10.754
host 172.xx.xx.x
host_name krg2-fw
message <190> 2017 Aug 29 11:37:59 krg2-fw local7.info dhcpd: [Local Network: DHCP] DHCPACK on 10.x.x.x to 68:f7:xx:xx (xxx) via LAN1
srcip 10.x.x.x

172.xx.xx.x = krg2-fw = >Krasnodar
How match interlan IP or hostname with City?

The city name over 150.
We have two way.

Edit geoip DB manual
use external csv (txt etc) file, where match hostname or ip with City

How can do this ?

magnusbaeck (Magnus Bäck) August 29, 2017, 2:31pm 2

Look into the translate filter.

1 Like

Alexander_Orlenko (Alexander Orlenko) August 30, 2017, 1:15pm 3

thanks Magnus
Sorry for delay answer, need quick implement

system (system) Closed September 27, 2017, 1:15pm 4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.