I want to know if there are blacklisted ip address that contact my web services in real-time.
Every day I download a blacklist of ip address and I want to add this information to my logs.
My idea is to pre-process logs and next to send logs to elasticsearch with this steps:
blacklistedip.txt--->Logstash--->Kafka--->Logstash--->Elasticsearch
Webserviceslogs--->Logstash-------^
Have you a better idea?