Hello,
I send logs from mail server from two sources
1 audit.log (only authorization)
2 mail.log (send and receive emails log)
For more flexibility I have next fields
server1.audit.sender_ip
server1.audit.recepient_ip
....
server1.audit.sender_email
and
server1.mail.sender_ip
server1.mail.recepient_ip
....
server1.mail.sender_email
Its possible to do same with geoip?
something like this?
server1.auth.geoip.ip
server1.auth.geoip.location
...
server1.auth.geoip.region_name