Merge pull request #1351 from telekom-security/master

fixes #1346
telekom-security · Jun 13, 2023 · ecb1dcd · ecb1dcd
2 parents 2c4eaf0 + c180816
commit ecb1dcd
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/docker/elk/logstash/dist/http_output.conf b/docker/elk/logstash/dist/http_output.conf
@@ -638,11 +638,13 @@ if "_jsonparsefailure" in [tags] { drop {} }
     geoip {
       cache_size => 10000
       source => "src_ip"
+      default_database_type => "City"
 #      database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-City.mmdb"
     }
     geoip {
       cache_size => 10000
       source => "src_ip"
+      default_database_type => "ASN"
 #      database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-ASN.mmdb"
     }
     translate {
@@ -657,12 +659,14 @@ if "_jsonparsefailure" in [tags] { drop {} }
       cache_size => 10000
       source => "t-pot_ip_ext"
       target => "geoip_ext"
+      default_database_type => "City"
 #      database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-City.mmdb"
     }
     geoip {
       cache_size => 10000
       source => "t-pot_ip_ext"
       target => "geoip_ext"
+      default_database_type => "ASN"
 #      database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-ASN.mmdb"
     }
   }

diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
@@ -638,11 +638,13 @@ if "_jsonparsefailure" in [tags] { drop {} }
     geoip {
       cache_size => 10000
       source => "src_ip"
+      default_database_type => "City"
 #      database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-City.mmdb"
     }
     geoip {
       cache_size => 10000
       source => "src_ip"
+      default_database_type => "ASN"
 #      database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-ASN.mmdb"
     }
     translate {
@@ -657,12 +659,14 @@ if "_jsonparsefailure" in [tags] { drop {} }
       cache_size => 10000
       source => "t-pot_ip_ext"
       target => "geoip_ext"
+      default_database_type => "City"
 #      database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-City.mmdb"
     }
     geoip {
       cache_size => 10000
       source => "t-pot_ip_ext"
       target => "geoip_ext"
+      default_database_type => "ASN"
 #      database => "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-filter-geoip-7.2.12-java/vendor/GeoLite2-ASN.mmdb"
     }
   }