LogScale includes GeoLite2 databases from MaxMind to enable ASN and IP
location lookups via the
ipLocation() function, respectively.
Due to the way these databases are licensed, they expire after 30 days and
thus must be updated regularly. If the IP location database or IP ASN
database expires, then any calls to
asn() will cause a warning in the query and not add
any location or ASN data to the event.
By default, the database is automatically updated via an update service hosted by LogScale if the cluster is running with a valid LogScale license.
If instead you wish to manage this yourself, you can supply your own
MaxMind databases by setting
false and placing the databases in the LogScale data
directory. The databases should be named the following:
IpLocationDb.mmdb, for the IP location database.
IpAsnDb.mmdb, for the IP ASN database.
LogScale will check these files periodically and reload them if they are updated.
It is also possible for LogScale to automatically download directly from MaxMind if you have a MaxMind license. To do so, the following must be set:
MAXMIND_ACCOUNT_ID, to the ID of your MaxMind account.
MAXMIND_LICENSE_KEY, to the license key for your MaxMind account.
MAXMIND_IP_LOCATION_EDITION_ID(optional), if you wish to use an alternative MaxMind database for IP location information.
MAXMIND_BASE_URL(optional), if you wish to use another base path to download from.
Below is an example of how these variables might be set:
AUTO_UPDATE_MAXMIND=true MAXMIND_ACCOUNT_ID=your-account-id MAXMIND_LICENSE_KEY=your-license-key MAXMIND_IP_LOCATION_EDITION_ID=GeoLite2-City MAXMIND_BASE_URL=http://my-maxmind-proxy.local