Skip to content

Latest commit

 

History

History
58 lines (50 loc) · 2.38 KB

README.md

File metadata and controls

58 lines (50 loc) · 2.38 KB

MMDB

Create a MaxMind Databases for your own needs.

pip install mmdb[cli]

Features

  • Query any maxmind database: mmdb get <IP> -d <DATABASE>
  • Download and build DBIP database ASN Lite, Country Lite, and City Lite: mmdb dbip-build
  • Create an IP database from a CSV file: mmdb build <CSV>
  • Logstash GeoIP Filter Plugin compatibility: mmdb build <CSV> --lsc
  • Additional country data such as is_eu, is_nato, or is_g7: mmdb build <CSV> -f country

Examples

Example Localnet Example Country

Logstash Compatibility

Logstash ships with the GeoIP Filter Plugin which enriches a document with IP GeoData. However, the plugin supports specific MaxMind database types only. As a result, any other database type disables the plugin.

Regarding this, the plag --lsc enables logstash support. Long story short: You get a MaxMind ASN Database, but the IP info as an embedded json string within the asn_organization_name field. The logstash pipeline must load that json data and adds it to the document, exemplified below

filter {
  geoip {
    source => "ip"
    database => "/path/to/my/database.mmdb"
    ecs_compatibility => disabled
    target => "wrapped_ip_data"
  }
  json {
    source => "[wrapped_ip_data][organization_name]"
    target => "myip"
  }
  mutate {
    remove_field => ["wrapped_ip_data"]
  }
}