bernd
commented
5 years ago We should do the same as for the new threat intel plugin content pack and put the geo-ip content pack into the database but not install it by default.
The path to the geo-ip database should be a content pack parameter.
Since users should be encouraged to use the Graylog processing pipelines, it would help if the Geo IP lookup table (i. e. Geo IP data adapter and No-op cache) would be created automatically, similar to the Threat Intelligence lookup tables (WHOIS, Abuse.ch, etc.).