MaxMind/GeoIP DB lookup (mmdblookup)¶

Module Name:	mmdblookup
Author:	chenryn
Available:	8.24+

Purpose¶

MaxMindDB is the new file format for storing information about IP addresses in a highly optimized, flexible database format. GeoIP2 Databases are available in the MaxMind DB format.

Plugin author claimed a MaxMindDB vs GeoIP speed around 4 to 6 times.

How to build the module¶

To compile Rsyslog with mmdblookup you’ll need to:

install libmaxminddb-devel package
set –enable-mmdblookup on configure

Configuration Parameter¶

Note

Parameter names are case-insensitive; camelCase is recommended for readability.

Module Parameters¶

Parameter	Summary
container	Specifies the container for fields amended by mmdblookup.

Input Parameters¶

Parameter	Summary
key	Identifies the message field that supplies the IP address to look up.
mmdbfile	Specifies the path to the MaxMind DB file used for lookups.
fields	Defines the list of database fields whose values are appended to the message.
reloadonhup	Controls whether mmdblookup reopens the MaxMind database after a HUP signal.

Examples¶

Minimum configuration¶

This example shows the minimum configuration.

# load module
module( load="mmdblookup" )

action( type="mmdblookup" mmdbfile="/etc/rsyslog.d/GeoLite2-City.mmdb"
             fields=["!continent!code","!location"] key="!clientip" )

Custom container and field name¶

The following example uses a custom container and custom field name

# load module
module( load="mmdblookup" container="!geo_ip")

action( type="mmdblookup" mmdbfile="/etc/rsyslog.d/GeoLite2-City.mmdb"
             fields=[":continent:!continent!code", ":loc:!location"]
             key="!clientip")

Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project

Contributing: Source & docs: rsyslog source project