When we use this command:
nc -w0 192.168.1.54 5514 <<< '8.8.8.8'
Geolocation is working, but there are no geolocation parameters in the SSH logs.
How can we use geolocation with SSH logs?
Hey @denizilhan
Are you using a processing pipeline for geolocation or the GeoIP Resolver processor?
It might be helpful to read the documentation to understand that the resolver only works automatically if a field contains a single IP only, and that it does not extract IPs from any data. Extract the IP from your SSH logs into a single field and it will work.
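The condition described in the reply above, checked offline as an added example (not part of the original posts and not Graylog's own code). It assumes the usual sshd wording "from <address> port <n>"; the sample lines are constructed, and `src_ip` is used only as an illustrative target field name.

```python
import ipaddress
import re

# sshd puts the peer address between "from" and "port" (assumed message format).
SSHD_PEER = re.compile(r"\bfrom (\S+) port \d+")

def is_single_ip(value):
    """True only when the whole field value is one IP address, which is the
    condition the reply gives for the resolver to act on a field."""
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False

def extract_src_ip(message):
    """Return the peer IP (IPv4 or IPv6) from an sshd message, or None."""
    m = SSHD_PEER.search(message)
    if m and is_single_ip(m.group(1)):
        return m.group(1)
    return None

def enrich(message):
    """Build the field set: the raw message plus src_ip when one was found."""
    fields = {"message": message}
    ip = extract_src_ip(message)
    if ip is not None:
        fields["src_ip"] = ip  # illustrative field name
    return fields

# Constructed sample input, not taken from a real host.
SAMPLES = [
    "sshd[2211]: Failed password for invalid user admin from 8.8.8.8 port 51234 ssh2",
    "sshd[2214]: Accepted publickey for deploy from 2001:db8::17 port 40022 ssh2",
    "sshd[2215]: Server listening on 0.0.0.0 port 22.",
    "8.8.8.8",  # the bare payload sent by the nc test in the question
]

if __name__ == "__main__":
    for line in SAMPLES:
        fields = enrich(line)
        usable = [k for k, v in fields.items() if is_single_ip(v)]
        print(f"{line[:45]!r:50} fields holding a single IP: {usable}")
```

The bare `8.8.8.8` payload already satisfies the single-IP condition in `message`, while an sshd line only satisfies it once the address is copied into its own field.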
We made a mistake in the rules.
We wrote src_ip but it should be ipAdress in set_fields in the rules.
Thank you for your answer.