I am using Elasticsearch and Kibana, entering data with filebeats direct to Elastic parsing the information with apache2 pipeline and they work perfectly but for the analysis that I should do I would like to change or add the geoip DB to the ip2proxy because it is important to know to classify the connections if they come from a VPN or the Tor network, has anyone worked or was it able to modify any module that generates the pipeline in windows through powershell for this type of task?
The classification of connection can differentiate by the ip2proxy.proxy_type data. It should show you the data that you needed.
Hello, thank you very much for your answer. My question is if someone modified the default pipeline in filebeat, it is the module that is
filebeats \ module \ apache \ access \ ingest file pipeline.yml and add it to use the IP2PROXY DB previously copied to
our server, How could it be modified?
Example of the original lines
- geoip:
field: source.ip
target_field: source.geo
ignore_missing: true - geoip:
database_file: GeoLite2-ASN.mmdb
field: source.ip
target_field: source.as
properties:- asn
- organization_name
ignore_missing: true
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.