To use the GeoLite2 web services instead of GeoIP2, set the host method on the builder to. You must provide the Builder constructor your MaxMind accountId and licenseKey. Look up the second level domain names associated with IP addresses. To use the web service API, you must create a new WebServiceClient using the WebServiceClient.Builder. Having additional data on those logs that gives you the Geolocation of the IP address helps your investigations and understanding of your traffic patterns. For example, if you can see logs on a World Map, you can quickly identify communications with countries you haven’t communicated with previously. Online pricing of the GeoIP databases is meant for internal Restricted Business.
Your firewalls, web servers, wireless infrastructure, and endpoints can contain IP addresses outside your organization.
Gathering logs that contain IP addresses is quite common across your infrastructure. You can find the full description of the schema for these files in the section on Blocks files for GeoIP2 and GeoLite2 CSV databases. If you are working with a different database, you can find the Blocks file schema for the appropriate database, and adapt the table to meet that structure. It’s no surprise that the post covering the steps to configure the Geolocation resolution and create a map with the extracted geo-information was popular in 2020. Graylog lets you extract and visualize Geolocation information from IP addresses in your logs. With the workforce scattered across the city, state, and sometimes country or farther, IT Teams needed to review and understand the new and evolving traffic patterns. The rapid shift to working remotely brought many new IP addresses into the company log data. This blog post is part of Graylog’s 2020 Must Reads series.