Hi, I am a new beginner with Graylog config.
For now I have some problems with the config: GeoIP for Graylog.
I installed Graylog 3.2.4 on Ubuntu 18.04, then created one input for Linux syslog, using this configuration on my other VPS server, which I want to control and monitor with Graylog:
```
sudo nano /etc/rsyslog.d/90-graylog.conf
```
Add this one line:
```
*.* @mydomen.com:4459;RSYSLOG_SyslogProtocol23Format
```
And that’s all, I receive all the data that I need.
But…
I want to use Graylog GeoIP; for that I did the following:
- Downloaded the GeoLite2-City.mmdb database
- Put it in the correct location “/etc/graylog/server/”
- DB is reading for Graylog
- Created a lookup table following these manuals:
https://www.graylog.org/post/how-to-set-up-graylog-geoip-configuration
https://www.graylog.org/post/implementing-geolocation-with-graylog-pipelines
And many others
- I created a pipeline rule:
```
rule "GeoIP lookup: src_ip"
when
  has_field("gl2_remote_ip")
then
  // Look up the address in the "geoip" lookup table and store the results
  let geo = lookup("geoip", to_string($message.gl2_remote_ip));
  set_field("gl2_remote_ip_geo_location", geo["coordinates"]);
  set_field("gl2_remote_ip_geo_country", geo["country"].iso_code);
  set_field("gl2_remote_ip_geo_city", geo["city"].names.en);
end
```
So that I can get information about the IP, I added the field “gl2_remote_ip”, which contains the IP address, BUT
my World Map does not work and doesn’t show any information on the map.
In all the guides that I read it must be src_ip or another field which includes the IP; in my case it is gl2_remote_ip.
Please help me.
What must I do?
Must I create a pipeline to extract the IP from gl2_remote_ip and put it in a custom field, for example “ip_src”?
Or what?
I am stuck (