We’ve been using the geolocation processor to pull out the IP addresses of people visiting our website and various applications. This has been very useful and we’ve got multiple maps running on dashboards.
However, the other day we noticed a visit on oe of our applications from Norway so decided to investigate. When I put the IP address into a number of different online IP address geo-locators, they all returned that the IP address was in fact from the UK, with no mention of Norway from any of them. This was also confirmed with the user who was sat at home in the UK and provided us with the same IP address that we could see in Graylog.
Does anyone know what Graylog uses to determine the geolocation of IP addresses? And whether this can be updated or modified? Or even changed to use a different source completely. I’m aware that it’ll never likely be completely accurate, but I’m concerned that we may have others that have been processed incorrectly and labelled as coming from the wrong country.