Looking up GeoIP2 data from IP addresses

The AxoSyslog application can lookup IP addresses from an offline GeoIP2 database, and make the retrieved data available in name-value pairs. Depending on the database used, you can access country code, longitude, and latitude information and so on.

The AxoSyslog application works with the Country and the City version of the GeoIP2 database, both free and the commercial editions. The AxoSyslog application works with the mmdb (GeoIP2) format of these databases. Other formats, like csv are not supported.

Note

To access longitude and latitude information, download the City version of the GeoIP2 database.

There are two types of GeoIP2 databases available.

GeoLite2 City:
- free of charge
- less accurate
GeoIP2 City:
- has to be purchased
- more accurate

Unzip the downloaded database (for example, to the /usr/share/GeoIP2/GeoIP2City.mmdb file). This path will be used later in the configuration.

Starting with version 3.24, AxoSyslog tries to automatically detect the location of the database. If that is successful, the database() option is not mandatory.

Looking up GeoIP2 data from IP addresses

Referring to parts of the message as a macro

Using the GeoIP2 parser

Transferring your logs to Elasticsearch using GeoIP2

Options of geoip2 parsers