Hi,
i’m using graylog 4.3 and the geolocalization feature with MaxMind GeoLite2-City.mmdb and it works fine with my rule in the pipeline.
How graylog manage the mmdb update? Every 3d the file is updated and I need to restart Graylog to use the new version.
Is there another way to update it without a graylog restart?
Thanks
Gianluca
Hi,
I update the MMDB’s in my setup using the geoipupdate script from MaxMind:
MaxMind geoipupdate
Since it just replaces the database file on the filesystem, I would assume that no reboot is needed, but since I reboot my nodes every few days anyway I can’t say for sure.
Hope this helps.
Best regards
Thanks @bettels-uhi
I find the configuration of geoip plugin that you can enable in order to be sure that the mmdb is read in a schedule way.
So i’d like to understand if there is an API that can I use in order to enable it programmatically. Do you have any suggestion?
Using Graylog swagger I just see something about geoip adapter but nothing about that view
Thanks
Gianluca
Hi I solved it using
URL: /api/system/cluster_config/org.graylog.plugins.map.config.GeoIpResolverConfig
json payload:
{
“enabled”: true,
“enforce_graylog_schema”: true,
“db_vendor_type”: “MAXMIND”,
“city_db_path”: “/etc/graylog/server/GeoLite2-City.mmdb”,
“asn_db_path”: “/etc/graylog/server/GeoLite2-ASN.mmdb”,
“refresh_interval_unit”: “MINUTES”,
“refresh_interval”: 10,
“use_s3”: false
}
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
