search

Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org
Other
7.45k stars 1.07k forks source link

MaxMind GeoIP ISP Support #12153

Open ghost opened 2 years ago

ghost commented 2 years ago

What?

Do you plan to add support for MaxMind GeoIP ISP databases?

Why?

The GeoLite2-ASN database provides basic ASN information for Geoip lookups, but it doesn't provide organization-level information. It would be great to be able to add the GeoIP2-ISP database

The database returns no data when trying to add it under ASN or any other database type in the data adapter.

When looking at the MaxMind Java documentation (https://maxmind.github.io/GeoIP2-java/), it looks like the only difference between ISP and ASN is the additional fields and the database reader variable.

ASN

// A File object pointing to your GeoLite2 ASN database
File database = new File("/path/to/GeoLite2-ASN.mmdb");

// This creates the DatabaseReader object. To improve performance, reuse
// the object across lookups. The object is thread-safe.
try (DatabaseReader reader = new DatabaseReader.Builder(database).build()) {

    InetAddress ipAddress = InetAddress.getByName("128.101.101.101");

    AsnResponse response = reader.asn(ipAddress);

    System.out.println(response.getAutonomousSystemNumber());       // 217
    System.out.println(response.getAutonomousSystemOrganization()); // 'University of Minnesota'
}

ISP

// A File object pointing to your GeoIP2 ISP database
File database = new File("/path/to/GeoIP2-ISP.mmdb");

// This creates the DatabaseReader object. To improve performance, reuse
// the object across lookups. The object is thread-safe.
DatabaseReader reader = new DatabaseReader.Builder(database).build();

InetAddress ipAddress = InetAddress.getByName("128.101.101.101");

IspResponse response = reader.isp(ipAddress);

System.out.println(response.getAutonomousSystemNumber());       // 217
System.out.println(response.getAutonomousSystemOrganization()); // 'University of Minnesota'
System.out.println(response.getIsp());                          // 'University of Minnesota'
System.out.println(response.getOrganization());                 // 'University of Minnesota'

Your Environment

ghost commented 2 years ago

Curious if there were any discussions at the product team level on adding this functionality. Perhaps even as an enterprise license option.

elanfer commented 2 years ago

I'm also interested in this feature, are there any news on this?

happyked commented 2 years ago

Would also like to see this feature.