We have updated our Terms of Service, Code of Conduct, and Addendum.

Where to find GeoIP files

Options
jroot42
jroot42 Posts: 4
edited September 2023 in General Discussions

When adding a GeoIP function to a pipeline, where do I upload .mmdb files (or where are they stored if I grabbed a pack that includes one)?

Tagged:

Best Answers

  • Jon Rust
    Jon Rust Posts: 431 mod
    Answer ✓
    Options

    Please see the docs

    You can keep them anywhere, but large lookups like the geoip db should be outside of the deployment area. Instead manage deployment via some other management system (ansible, for example).

  • Jon Rust
    Jon Rust Posts: 431 mod
    Answer ✓
    Options

    By default, Stream will look for bare file names in $CRIBL_HOME/data/lookups

Answers

  • Jon Rust
    Jon Rust Posts: 431 mod
    Answer ✓
    Options

    Please see the docs

    You can keep them anywhere, but large lookups like the geoip db should be outside of the deployment area. Instead manage deployment via some other management system (ansible, for example).

  • jroot42
    jroot42 Posts: 4
    Options

    Ok, but how does the GeoIP function know where to look? The sample I grabbed from the " cribl-vpc-flow-for-security-teams" pack just has the filename in the "GeoIP file(.mmdb)" field, with no file path. Whats the default path for that?

  • Jon Rust
    Jon Rust Posts: 431 mod
    Answer ✓
    Options

    By default, Stream will look for bare file names in $CRIBL_HOME/data/lookups

Categories