Referring to parts of the message as a macro

You can refer to the separated parts of the message using the key of the value as a macro. For example, if the message contains KEY1=value1,KEY2=value2, you can refer to the values as ${KEY1} and ${KEY2}.

for example, if the default prefix (.geoip2) is used, you can determine the country code using ${.geoip2.country.iso_code}.

To look up all keys:

Install the mmdb-bin package.

After installing this package, you will be able to use the mmdblookup command.

Note The name of the package depends on the Linux distribution. The package mentioned in this example is on Ubuntu.
Create a dump using the following command: `mmdblookup –file GeoLite2-City.mmdb –ip

The resulting dump file will contain the keys that you can use.

For a more complete list of keys, you can check the GeoIP Databases of MaxMind. However, note that the AxoSyslog application works with the mmdb (GeoIP2) format of these databases. Other formats, like csv are not supported.

Last modified December 18, 2024: Merge pull request #90 from axoflow/minor-fixes-241218 (68cd7df)