Graylog perform GeoIP lookup

1 minute read

Intro

In this post I will show you how to set up GeoIP lookups with Graylog.

Graylog is a great product for gathering insights from logs. The community version is fully open source and has all the features you need to get deeper insight into your environment.

Configurations

Lookup Tables

First you need to configure the Lookup Table for GeoIP. To do that, you first set up a Data Adapter.

Data Adapter

Next, you need to configure the Caching Parameters.

Data Cache

The last step for the lookup table is the table itself, where you select the previously created Data Adapter and Data Cache.

Lookup Table

Pipeline

To perform the GeoIP lookup you need an active pipeline that is attached to a stream.

Within that pipeline you need to create a Pipeline Rule.

The lookup name geoip-lookup in the line let geo = lookup("geoip-lookup", to_string($message.src_ip)); refers to the "Lookup Table Name" created earlier.

Pipeline Rule
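A complete rule built around that lookup line, as an added example (not the rule from the original post). It assumes the lookup table is named geoip-lookup as above, that it is backed by a MaxMind City database adapter (which returns the coordinates, country and city keys used here), and that the source address lives in a field called src_ip; in_private_net() is used to skip RFC 1918 addresses, which have no GeoIP entry and would only produce empty fields.

```graylog
// Added example rule; table name, field names and the MaxMind City adapter are assumptions.
rule "GeoIP lookup: src_ip"
when
  // only run for messages that carry a source address and skip private ranges,
  // which the GeoIP database cannot resolve
  has_field("src_ip") && !in_private_net(to_string($message.src_ip))
then
  let geo = lookup("geoip-lookup", to_string($message.src_ip));
  // "lat,lon" string; this is the field the world map widget aggregates on
  set_field("src_ip_geolocation", geo["coordinates"]);
  // ISO country code and English city name for searching and dashboards
  set_field("src_ip_geo_country", geo["country"].iso_code);
  set_field("src_ip_geo_city", geo["city"].names.en);
end
```

After saving the rule, attach it to a stage of the pipeline that is connected to the stream carrying your src_ip messages; the new src_ip_geolocation field is then available for the map widget described below.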

Map Settings

To define a world map you need to perform an aggregated search.

These are my settings for GeoIP Lookup:

Map Settings

GeoIP Dashboard

I embedded the map into a saved search.

Dashboard Overview

