IP2location In place of GeoIP

(bruno.dev) #1


I recently opened a thread on the demand to move from GeoIP to IP2location (see GeoIP Lite EOL pipeline filter) and I am now trying it. However, I failed in my use case. I use the GeoIP pipeline filter to fill the GeoIP values from an IP address extracted from syslog events. I just realised that a Logstash plugin exists but no Elasticsearch plugin. Hence a pipeline filter makes no sense, right? It means that the GeoIP pipeline filter was working but IP2location will not.
It should be a small task to create a similar ip2location plugin for Elasticsearch based on the GeoIP plugin, right? How do you see the task of doing it?

```
sudo ./elasticsearch-plugin install elastisearch-filter-ip2location
ERROR: Unknown plugin elastisearch-filter-ip2location
```


(bruno.dev) #2

:disappointed_relieved: New try for the thread

(Christian Dahlqvist) #3

Since there is a Logstash plugin maintained by the company behind ip2location, why don't you do the processing in Logstash instead?

(bruno.dev) #4

Hi Christian, thanks for challenging the idea. I did not run the process in Logstash as the IP (I would like info about) is extracted from a syslog message transmitted by my home router. The IP is then assigned to a private field by Elasticsearch and will be processed as input of the GeoIP filter. Example: I am looking for the characters SRC=:

  kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=

Once assigned to the private field, I run the GeoIP pipeline filter on this private variable.

In this use case I did not know how to do it with ip2location. I would also like us to keep this functionality free. True, if the company behind ip2location is not an engine on this then we can find another alternative too. No worries. Agreed. If we have to do something (as free personal end users) then we can. That's why I am asking. All good. :ok_hand:
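
The extraction step described in post #4, sketched as an added example that is not part of the thread or of any plugin's code: it pulls `SRC=` out of a router firewall line, copes with empty values such as `OUT=` and `MAC=`, and only passes on addresses that a geolocation lookup (GeoIP or IP2Location) could answer for. The sample lines and the function names `parse_fields` and `lookup_candidate` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines modelled on the router message quoted in post #4.
SAMPLE_LINES = [
    "kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=8.8.8.8 DST=192.168.1.1 PROTO=TCP DPT=23",
    "kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=192.168.1.20 DST=192.168.1.1 PROTO=UDP",
    "kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC= DST=192.168.1.1",
    "kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=999.1.1.1 DST=192.168.1.1",
]

# KEY=value pairs; the value may be empty (OUT=, MAC=), so match \S* and not \S+.
KV = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_fields(line):
    """Return the KEY=value pairs of one firewall log line as a dict."""
    return dict(KV.findall(line))


def lookup_candidate(line):
    """Return the SRC address if it is worth geolocating, else None.

    Empty, malformed, private and otherwise non-global addresses are dropped,
    because no geolocation database has an answer for them.
    """
    raw = parse_fields(line).get("SRC", "")
    if not raw:
        return None
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return None  # e.g. 999.1.1.1, a corrupted or truncated field
    return str(addr) if addr.is_global else None


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(lookup_candidate(sample), "<-", sample)
```

The same filtering applies wherever the lookup runs: the field handed to the geolocation filter should already be a validated, publicly routable address.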


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.