-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Doc] GeoIP database service #177
Changes from 4 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||
---|---|---|---|---|---|---|---|---|
|
@@ -21,22 +21,41 @@ include::{include_path}/plugin_header.asciidoc[] | |||||||
==== Description | ||||||||
|
||||||||
The GeoIP filter adds information about the geographical location of IP addresses, | ||||||||
based on data from the Maxmind GeoLite2 databases. | ||||||||
based on data from the MaxMind GeoLite2 databases. | ||||||||
|
||||||||
==== Supported Databases | ||||||||
|
||||||||
This plugin is bundled with https://dev.maxmind.com/geoip/geoip2/geolite2[GeoLite2] City database out of the box. From Maxmind's description -- | ||||||||
This plugin is bundled with https://dev.maxmind.com/geoip/geoip2/geolite2[GeoLite2] City database out of the box. From MaxMind's description -- | ||||||||
"GeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s | ||||||||
GeoIP2 databases". Please see GeoIP Lite2 license for more details. | ||||||||
|
||||||||
https://www.maxmind.com/en/geoip2-databases[Commercial databases] from Maxmind are also supported in this plugin. | ||||||||
https://www.maxmind.com/en/geoip2-databases[Commercial databases] from MaxMind are also supported in this plugin. | ||||||||
|
||||||||
If you need to use databases other than the bundled GeoLite2 City, you can download them directly | ||||||||
from Maxmind's website and use the `database` option to specify their location. The GeoLite2 databases | ||||||||
from MaxMind's website and use the `database` option to specify their location. The GeoLite2 databases | ||||||||
can be https://dev.maxmind.com/geoip/geoip2/geolite2[downloaded from here]. | ||||||||
|
||||||||
If you would like to get Autonomous System Number(ASN) information, you can use the GeoLite2-ASN database. | ||||||||
|
||||||||
[id="plugins-{type}s-{plugin}-database_license"] | ||||||||
==== Database License | ||||||||
|
||||||||
https://www.maxmind.com[MaxMind] changed from releasing the GeoIP database under | ||||||||
a Creative Commons (CC) license to a proprietary end-user license agreement | ||||||||
(EULA). The MaxMind EULA requires Logstash to update the MaxMind database | ||||||||
within 30 days of a database update. If Logstash fails to download the database | ||||||||
for 30 days, it will stop the pipeline in order to maintain compliance. | ||||||||
|
||||||||
The GeoIP filter plugin can manage the database for users running the Logstash default | ||||||||
distribution, or you can manage | ||||||||
database updates on your own. The behavior is controlled by the `database` setting. | ||||||||
When you use the default `database` setting, the auto-update feature ensures that the plugin is | ||||||||
using the latest version of the database. | ||||||||
Otherwise, you are responsible for maintaining compliance. | ||||||||
|
||||||||
The Logstash open source distribution uses the MaxMind Creative Commons license | ||||||||
database by default. | ||||||||
|
||||||||
==== Details | ||||||||
|
||||||||
A `[geoip][location]` field is created if | ||||||||
|
@@ -109,14 +128,15 @@ number of cache misses and waste memory. | |||||||
===== `database` | ||||||||
|
||||||||
* Value type is <<path,path>> | ||||||||
* There is no default value for this setting. | ||||||||
* If not specified, the database defaults to the GeoLite2 City database that ships with Logstash. | ||||||||
|
||||||||
The path to Maxmind's database file that Logstash should use. The default database is GeoLite2-City. | ||||||||
GeoLite2-City, GeoLite2-Country, GeoLite2-ASN are the free databases from Maxmind that are supported. | ||||||||
GeoIP2-City, GeoIP2-ISP, GeoIP2-Country are the commercial databases from Maxmind that are supported. | ||||||||
The path to MaxMind's database file that Logstash should use. The default database is GeoLite2-City. | ||||||||
GeoLite2-City, GeoLite2-Country, GeoLite2-ASN are the free databases from MaxMind that are supported. | ||||||||
GeoIP2-City, GeoIP2-ISP, GeoIP2-Country are the commercial databases from MaxMind that are supported. | ||||||||
|
||||||||
If not specified, this will default to the GeoLite2 City database that ships | ||||||||
with Logstash. | ||||||||
Database auto-update applies to default distribution. When `database` point to user's database path, | ||||||||
auto-update will be disabled | ||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Be more explicit here to emphasize no auto-update if There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||||
{logstash-ref}/plugins-filters-geoip.html#plugins-filters-geoip-database_license[see also database license] | ||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||||
|
||||||||
[id="plugins-{type}s-{plugin}-default_database_type"] | ||||||||
===== `default_database_type` | ||||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.