Support updating GeoIP databases without restart

[joschi]

From @emsearcy on February 25, 2017 3:6

Summary: the Geo-Location Processor stops appending _geolocation when the City database is updated/replaced.

Expected Behavior

Graylog continues appending _geolocation after a new City database is downloaded, using the updated GeoIP database values, without restarting graylog-server.

Current Behavior

After a new City database is downloaded, matching _geolocation fields are no longer added to IP address fields, until graylog-server is restarted.

Steps to Reproduce

The free GeoIP databases are updated once the first Tuesday of each month. Run the following to check for updates and replace the current mmdb when an update is available.

cd /usr/share/GeoIP # or other plugin-configured db location wget -q -t1 --timestamping http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz test GeoLite2-City.mmdb.gz -nt GeoLite2-City.mmdb && gunzip -c GeoLite2-City.mmdb.gz > GeoLite2-City.mmdb

When a new gz is downloaded, and the mmdb file has been overwritten by the update, check incoming log entries to see if _geolocation is still present on IP fields.

Your Environment

• Graylog Version: 2.1.2. (I've just upgraded to 2.2.1 and will re-verify next month, but wanted to submit this before I forgot, and I don't see anything in the recent release notes to suggest this was fixed.)
• Elasticsearch Version: elasticsearch-2.4.1-1.noarch
• MongoDB Version: mongodb-2.4.14-4.el6.x86_64
• Operating System: RHEL 6

Copied from original issue: Graylog2/graylog2-server#3546

[mlazzarotto]

Does a workaround exist? I would like to periodically update the GeoIP DB.