.. index:: ! mmdblookup

************************************
MaxMind/GeoIP DB lookup (mmdblookup)
************************************

================  ==================================
**Module Name:**  mmdblookup
**Author:**       `chenryn <rao.chenlin@gmail.com>`_
**Available:**    8.24+
================  ==================================


Purpose
=======

MaxMindDB is the new file format for storing information about IP addresses
in a highly optimized, flexible database format. GeoIP2 Databases are
available in the MaxMind DB format.

The plugin author claims that MaxMindDB lookups are around 4 to 6 times
faster than GeoIP lookups.


How to build the module
=======================

To compile Rsyslog with mmdblookup you'll need to:

* install *libmaxminddb-devel* package
* set *--enable-mmdblookup* on configure


Configuration Parameters
========================

.. note::

   Parameter names are case-insensitive.


Module Parameters
-----------------

container
^^^^^^^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "word", "!iplocation", "no", "none"

.. versionadded:: 8.28.0

Specifies the container to be used to store the fields amended by
mmdblookup.


Input Parameters
----------------

key
^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "word", "none", "yes", "none"

Name of the field containing the IP address.


mmdbfile
^^^^^^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "word", "none", "yes", "none"

Location of the MaxMind DB file.


fields
^^^^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "array", "none", "yes", "none"

Fields that will be appended to the processed message. The fields will
always be appended in the container used by mmdblookup (which may be
overridden by the "container" parameter on module load).

By default, the MaxMindDB field name is used for variables. This can
be overridden by specifying a custom name between colons at the
beginning of the field name. As usual, bang signs denote path levels.
So for example, if you want to extract "!city!names!en" but rename it
to "cityname", you can use ":cityname:!city!names!en" as field name.


Examples
========

Minimum configuration
---------------------

This example shows the minimum configuration.

.. code-block:: none

   # load module
   module( load="mmdblookup" )

   action( type="mmdblookup" mmdbfile="/etc/rsyslog.d/GeoLite2-City.mmdb"
                fields=["!continent!code","!location"] key="!clientip" )


Custom container and field name
-------------------------------

The following example uses a custom container and custom field name.

.. code-block:: none

   # load module
   module( load="mmdblookup" container="!geo_ip")

   action( type="mmdblookup" mmdbfile="/etc/rsyslog.d/GeoLite2-City.mmdb"
                fields=[":continent:!continent!code", ":loc:!location"]
                key="!clientip")
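
The sketch below is an added example, not part of rsyslog or of the original page: it parses ``fields`` entries according to the naming rule described under "fields" and reports which message variable each entry would fill, rejecting malformed entries and two entries that write the same variable. The names ``parse_field`` and ``plan`` are hypothetical, and composing the variable as container plus field name is an assumption drawn from this page's description.

```python
import re

# Field spec per this page: optional ":custom:" prefix, then a "!"-separated
# MaxMind DB path such as "!city!names!en".
SPEC = re.compile(r"^(?::(?P<name>[^:]+):)?(?P<path>(?:![^!:\s]+)+)$")


def parse_field(spec):
    """Split one entry of fields=[...] into (variable name, DB path levels)."""
    m = SPEC.match(spec)
    if m is None:
        raise ValueError(f"malformed field spec: {spec!r}")
    path = m.group("path")
    custom = m.group("name")
    # Without a custom name, the MaxMind DB field name itself names the variable.
    name = "!" + custom.lstrip("!") if custom else path
    return name, path[1:].split("!")


def plan(fields, container="!iplocation"):
    """Map each spec to the variable it fills; reject duplicate targets.

    Assumption: the variable is the container followed by the field's name.
    """
    out = {}
    for spec in fields:
        name, levels = parse_field(spec)
        var = "$" + container + name
        if var in out:
            raise ValueError(f"{spec!r} and an earlier field both write {var}")
        out[var] = levels
    return out


if __name__ == "__main__":
    # The two configurations from the Examples section of this page.
    for container, fields in (
        ("!iplocation", ["!continent!code", "!location"]),
        ("!geo_ip", [":continent:!continent!code", ":loc:!location"]),
    ):
        for var, levels in plan(fields, container).items():
            print(f"{var:32} <- {' / '.join(levels)}")
```

Running such a check before deployment catches a missing closing colon or a reused custom name, either of which would leave downstream rules and templates reading a variable that holds something other than what they expect.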