I want to understand how GeoIP works.
I want to use it to track employees: if one of my private IPs is out of town, then an alarm must be set.
My first idea (as I am a newbie in Elastic) was to correlate the private IPs with the public ones in the firewall.
My second idea is using the GeoIP of Elastic. But first I need to understand how it works.
What do I need to have to get started: The range of private IPs and what else?
Do I also need the latitude and longitude of each one? How can I get these values?
What will happen if the private IPs change dynamically?
An IP address is allocated by the network that the computer is connected to. If an employee is sitting in a Starbucks out of town and connected to the Starbucks wifi network, this network will allocate the address from its pool of internal IP addresses. Another Starbucks in a different part of the country might use exactly the same network setup and have exactly the same pool of private IP addresses. In other words, it is not possible to detect the location based on the private IP address. In order to ~~spy on employees~~ detect employees' location, privacy concerns aside, you need to force their laptops to give you their public IP address, which you can resolve using GeoIP. I think the most ethical way to do it would be to capture logs on VPN connections and make sure that each employee has their own set of credentials for connecting to the VPN.
They have offices in different locations and each office has internal networks that they control, with a specific IP range they know and an office location that they can check on the map. They want to map IP addresses from these offices' internal networks to the locations of these offices. If this is your use case, I probably misunderstood your original question and you can definitely do that (to a certain degree).
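
Added example, not part of any post in this thread: a Python sketch of the distinction the replies draw, where known office ranges map to a site, any other private address cannot be located, and only a public address (for instance from VPN logs) is worth passing to a GeoIP lookup. The office ranges, coordinates, user names and the `classify`/`triage` helpers are constructed for illustration.

```python
import ipaddress

# Constructed sample data: office CIDRs and coordinates are assumptions.
OFFICE_NETWORKS = {
    "10.10.0.0/16": {"office": "HQ", "lat": 40.0, "lon": -3.0},
    "10.20.0.0/16": {"office": "Branch", "lat": 41.0, "lon": 2.0},
}

_OFFICES = [(ipaddress.ip_network(c), loc) for c, loc in OFFICE_NETWORKS.items()]
# Most specific prefix first, so a /24 carved out of a /16 would win.
_OFFICES.sort(key=lambda entry: entry[0].prefixlen, reverse=True)


def classify(ip_str):
    """Return (verdict, location) for one source address."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return ("invalid", None)
    for net, loc in _OFFICES:
        if ip.version == net.version and ip in net:
            return ("office", loc)
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        # Same private ranges are reused on unrelated networks everywhere,
        # so no location can be derived from this address.
        return ("unlocatable_private", None)
    # Only a public address can be resolved by a GeoIP database.
    return ("public_needs_geoip", None)


# Constructed events in the shape (user, source_ip), e.g. from VPN logs.
SAMPLE_EVENTS = [
    ("alice", "10.10.4.7"),
    ("bob", "192.168.1.23"),
    ("carol", "8.8.8.8"),
]


def triage(events):
    """Map each user to the verdict for their source address."""
    return {user: classify(ip)[0] for user, ip in events}


if __name__ == "__main__":
    for user, verdict in triage(SAMPLE_EVENTS).items():
        print(user, verdict)
```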