mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Improve install/setup instructions for libmaxminddb
Improved install instructions for libmaxminddb and location database. Improved the explanation of how Bro finds the location database files, fixed some reST formatting, and fixed a broken link.
This commit is contained in:
Daniel Thayer
parent
021115a6fa
commit
41a5ffa132
1 changed files with 28 additions and 28 deletions
|
|
@ -10,8 +10,8 @@ GeoLocation
|
|||
During the process of creating policy scripts the need may arise
|
||||
to find the geographic location for an IP address. Bro had support
|
||||
for the `GeoIP library <http://www.maxmind.com/app/c>`__ at the
|
||||
policy script level from release 1.3 to 2.5.X to account for this
|
||||
need. Starting with release 2.6 GeoIP support requires `libmaxminddb
|
||||
policy script level from release 1.3 to 2.5.x to account for this
|
||||
need. Starting with release 2.6, GeoIP support requires `libmaxminddb
|
||||
<https://github.com/maxmind/libmaxminddb/releases>`__.
|
||||
To use this functionality, you need to first install the libmaxminddb
|
||||
software, and then install the GeoLite2 city database before building
|
||||
|
|
@ -19,17 +19,11 @@ GeoLocation
|
|||
|
||||
.. contents::
|
||||
|
||||
Install libGeoIP
|
||||
----------------
|
||||
Install libmaxminddb
|
||||
--------------------
|
||||
|
||||
Before building Bro, you need to install libmaxminddb.
|
||||
|
||||
* FreeBSD:
|
||||
|
||||
.. console::
|
||||
|
||||
sudo pkg install libmaxminddb
|
||||
|
||||
* RPM/RedHat-based Linux:
|
||||
|
||||
.. console::
|
||||
|
|
@ -42,12 +36,17 @@ Before building Bro, you need to install libmaxminddb.
|
|||
|
||||
sudo apt-get install libmaxminddb-dev
|
||||
|
||||
* FreeBSD:
|
||||
|
||||
.. console::
|
||||
|
||||
sudo pkg install libmaxminddb
|
||||
|
||||
* Mac OS X:
|
||||
|
||||
You need to install from your preferred package management system
|
||||
(e.g. MacPorts, Fink, or Homebrew). The name of the package that you need
|
||||
may be libmaxminddb, maxminddb, or libmaxminddb-dev, depending on which
|
||||
package management system you are using.
|
||||
(e.g. Homebrew, MacPorts, or Fink). For Homebrew, the name of the package
|
||||
that you need is libmaxminddb.
|
||||
|
||||
|
||||
GeoLite2-City Database Installation
|
||||
|
|
@ -64,8 +63,8 @@ the GeoLite2 city binary database:
|
|||
wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
|
||||
tar zxf GeoLite2-City.tar.gz
|
||||
|
||||
Next, the file "GeoLite2-City_YYYYMMDD/GeoLite2-City.mmdb" needs to be renamed
|
||||
and put in the GeoIP database directory. This directory should already exist
|
||||
Next, the file "GeoLite2-City_YYYYMMDD/GeoLite2-City.mmdb" needs to be moved
|
||||
to the GeoIP database directory. This directory might already exist
|
||||
and will vary depending on which platform and package you are using. For
|
||||
FreeBSD, use ``/usr/local/share/GeoIP``. For Linux, use ``/usr/share/GeoIP``
|
||||
or ``/var/lib/GeoIP`` (choose whichever one already exists).
|
||||
|
|
@ -88,22 +87,23 @@ functionality works by running a command like this:
|
|||
|
||||
If you see an error message similar to "Failed to open GeoIP location
|
||||
database", then you may need to either rename or move your GeoIP
|
||||
location database file. Bro looks for location database files in the
|
||||
following order by default:
|
||||
location database file. If the :bro:see:`mmdb_dir` value is set to a
|
||||
directory pathname (it is not set by default), then Bro looks for location
|
||||
database files in that directory. If none are found or if mmdb_dir is not set,
|
||||
then Bro looks for location database files in the following order:
|
||||
|
||||
/usr/share/GeoIP/GeoLite2-City.mmdb
|
||||
/var/lib/GeoIP/GeoLite2-City.mmdb
|
||||
/usr/local/share/GeoIP/GeoLite2-City.mmdb
|
||||
/usr/local/var/GeoIP/GeoLite2-City.mmdb
|
||||
/usr/share/GeoIP/GeoLite2-Country.mmdb
|
||||
/var/lib/GeoIP/GeoLite2-Country.mmdb
|
||||
/usr/local/share/GeoIP/GeoLite2-Country.mmdb
|
||||
/usr/local/var/GeoIP/GeoLite2-Country.mmdb
|
||||
* /usr/share/GeoIP/GeoLite2-City.mmdb
|
||||
* /var/lib/GeoIP/GeoLite2-City.mmdb
|
||||
* /usr/local/share/GeoIP/GeoLite2-City.mmdb
|
||||
* /usr/local/var/GeoIP/GeoLite2-City.mmdb
|
||||
* /usr/share/GeoIP/GeoLite2-Country.mmdb
|
||||
* /var/lib/GeoIP/GeoLite2-Country.mmdb
|
||||
* /usr/local/share/GeoIP/GeoLite2-Country.mmdb
|
||||
* /usr/local/var/GeoIP/GeoLite2-Country.mmdb
|
||||
|
||||
If you see an error message similar to "Bro was not configured for GeoIP
|
||||
support", then you either need to rebuild Bro and make sure it is linked
|
||||
against libmaxminddb or else set the :bro:see:`mmdb_dir`` value
|
||||
correctly. Normally, if libmaxminddb is installed correctly then it
|
||||
support", then you need to rebuild Bro and make sure it is linked
|
||||
against libmaxminddb. Normally, if libmaxminddb is installed correctly then it
|
||||
should automatically be found when building Bro. If this doesn't
|
||||
happen, then you may need to specify the path to the libmaxminddb
|
||||
installation (e.g. ``./configure --with-geoip=<path>``).
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue