How do I use MaxMind after first install failure

[TidalWave123]

Hey Guys,

I finally got around to installing pfelk. It took me a while. But I'm happy to say it's finally working on at least one server.

Anyways, I'm curious, when I setup the first install of pfelk I selected maxmind and gave it my numbers, but I guess the maxmind failed. So Now that I have everything working, i'd like to get maxmind set up again to get the cool world graph.

What should I do to install max mind, do I need to run the install script again?

Best,
Tidal

[a3ilson]

@TidalWave123 -

You do not need MaxMind to leverage the GeoIP as Logstash has a built-in GeoIP database. Selecting MaxMind will simple leverage and utilize MaxMind's databases vs the built-in provided by Logstash.

However, if you utilized the script and provided your MaxMind it should be working as without the presence of those files, logstash will crash but check the following:

• Lines 7 and 8 of /etc/GeoIP.conf should contain your AccountID and LicenseKey
  • Confirm they are correct
• Line 13 should contain the following: EditionIDs GeoLite2-City GeoLite2-Country GeoLite2-ASN
• Line 18 should contain the following: DatabaseDirectory /var/lib/GeoIP/

If all the above is correct, check to see if the files were download, ls 'var/lib/GeoIP/
If the path is empty, run sudo geoipupdate and check again to see if the files are download
If the files still do not appear, check your credentials

Next, check 30-geoip.conf to make sure the maxmind files are being utilized. In other words, all instances of #MMR# should be removed and if you selected MaxMind via the script, it should have already removed.

Once everything has been updated and validated you'll need to restart logstash for it to utilize the specified MaxMind files (i.e. systemctl restart logstash.service)