Using geoip properly

Hi,

I'm using geoip but would like to make sure i'm implementing it correctly.
So my config looks like this:
filter {
geoip {
source => "ip"
database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
}
geoip {
source => "client_ip"
database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
}
geoip {
source => "fail2ban_ip"
database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
}
geoip {
source => "dovecot_auth_fail_rip"
database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
}
geoip {
source => "system_auth_ip"
database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
}
geoip {
source => "system_auth_srcip"
database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
}
}

When logstash starts, this shows in the log files:
[2018-06-21T19:32:11,583][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-City.mmdb"}
[2018-06-21T19:32:11,716][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-City.mmdb"}
[2018-06-21T19:32:11,726][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-City.mmdb"}
[2018-06-21T19:32:11,733][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-City.mmdb"}
[2018-06-21T19:32:11,736][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-City.mmdb"}
[2018-06-21T19:32:11,741][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-City.mmdb"}

Is there a way I can specify ONCE where the GeoLite database is and have geoip use it for all sources?

Is there a way I can specify ONCE where the GeoLite database is and have geoip use it for all sources?

No.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.