We have updated our Terms of Service, Code of Conduct, and Addendum.

Where to find GeoIP files

jroot42
jroot42 Posts: 4
edited September 2023 in General Discussions

When adding a GeoIP function to a pipeline, where do I upload .mmdb files (or where are they stored if I grabbed a pack that includes one)?

Tagged:

Best Answers

  • Jon Rust
    Jon Rust Posts: 475 mod
    Answer ✓

    Please see the docs

    You can keep them anywhere, but large lookups like the geoip db should be outside of the deployment area. Instead manage deployment via some other management system (ansible, for example).

  • Jon Rust
    Jon Rust Posts: 475 mod
    Answer ✓

    By default, Stream will look for bare file names in $CRIBL_HOME/data/lookups

Answers

  • Jon Rust
    Jon Rust Posts: 475 mod
    Answer ✓

    Please see the docs

    You can keep them anywhere, but large lookups like the geoip db should be outside of the deployment area. Instead manage deployment via some other management system (ansible, for example).

  • jroot42
    jroot42 Posts: 4

    Ok, but how does the GeoIP function know where to look? The sample I grabbed from the " cribl-vpc-flow-for-security-teams" pack just has the filename in the "GeoIP file(.mmdb)" field, with no file path. Whats the default path for that?

  • Jon Rust
    Jon Rust Posts: 475 mod
    Answer ✓

    By default, Stream will look for bare file names in $CRIBL_HOME/data/lookups

Categories