From 41a5ffa132179ce9c2025a89a8be7b0a19543b6d Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Wed, 1 Aug 2018 16:01:11 -0500 Subject: [PATCH] Improve install/setup instructions for libmaxminddb Improved install instructions for libmaxminddb and location database. Improved the explanation of how Bro finds the location database files, fixed some reST formatting, and fixed a broken link. --- doc/frameworks/geoip.rst | 56 ++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/doc/frameworks/geoip.rst b/doc/frameworks/geoip.rst index d826aabff6..06829bfcd5 100644 --- a/doc/frameworks/geoip.rst +++ b/doc/frameworks/geoip.rst @@ -10,8 +10,8 @@ GeoLocation During the process of creating policy scripts the need may arise to find the geographic location for an IP address. Bro had support for the `GeoIP library `__ at the - policy script level from release 1.3 to 2.5.X to account for this - need. Starting with release 2.6 GeoIP support requires `libmaxminddb + policy script level from release 1.3 to 2.5.x to account for this + need. Starting with release 2.6, GeoIP support requires `libmaxminddb `__. To use this functionality, you need to first install the libmaxminddb software, and then install the GeoLite2 city database before building @@ -19,17 +19,11 @@ GeoLocation .. contents:: -Install libGeoIP ----------------- +Install libmaxminddb +-------------------- Before building Bro, you need to install libmaxminddb. -* FreeBSD: - - .. console:: - - sudo pkg install libmaxminddb - * RPM/RedHat-based Linux: .. console:: 
@@ -42,12 +36,17 @@ Before building Bro, you need to install libmaxminddb. sudo apt-get install libmaxminddb-dev +* FreeBSD: + + .. console:: + + sudo pkg install libmaxminddb + * Mac OS X: You need to install from your preferred package management system - (e.g. MacPorts, Fink, or Homebrew). The name of the package that you need - may be libmaxminddb, maxminddb, or libmaxminddb-dev, depending on which - package management system you are using. + (e.g. Homebrew, MacPorts, or Fink). For Homebrew, the name of the package + that you need is libmaxminddb. GeoLite2-City Database Installation @@ -64,8 +63,8 @@ the GeoLite2 city binary database: wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz tar zxf GeoLite2-City.tar.gz -Next, the file "GeoLite2-City_YYYYMMDD/GeoLite2-City.mmdb" needs to be renamed -and put in the GeoIP database directory. This directory should already exist +Next, the file "GeoLite2-City_YYYYMMDD/GeoLite2-City.mmdb" needs to be moved +to the GeoIP database directory. This directory might already exist and will vary depending on which platform and package you are using. For FreeBSD, use ``/usr/local/share/GeoIP``. For Linux, use ``/usr/share/GeoIP`` or ``/var/lib/GeoIP`` (choose whichever one already exists). 
@@ -88,22 +87,23 @@ functionality works by running a command like this: If you see an error message similar to "Failed to open GeoIP location database", then you may need to either rename or move your GeoIP -location database file. Bro looks for location database files in the -following order by default: +location database file. If the :bro:see:`mmdb_dir` value is set to a +directory pathname (it is not set by default), then Bro looks for location +database files in that directory. If none are found or if mmdb_dir is not set, +then Bro looks for location database files in the following order: - /usr/share/GeoIP/GeoLite2-City.mmdb - /var/lib/GeoIP/GeoLite2-City.mmdb - /usr/local/share/GeoIP/GeoLite2-City.mmdb - /usr/local/var/GeoIP/GeoLite2-City.mmdb - /usr/share/GeoIP/GeoLite2-Country.mmdb - /var/lib/GeoIP/GeoLite2-Country.mmdb - /usr/local/share/GeoIP/GeoLite2-Country.mmdb - /usr/local/var/GeoIP/GeoLite2-Country.mmdb +* /usr/share/GeoIP/GeoLite2-City.mmdb +* /var/lib/GeoIP/GeoLite2-City.mmdb +* /usr/local/share/GeoIP/GeoLite2-City.mmdb +* /usr/local/var/GeoIP/GeoLite2-City.mmdb +* /usr/share/GeoIP/GeoLite2-Country.mmdb +* /var/lib/GeoIP/GeoLite2-Country.mmdb +* /usr/local/share/GeoIP/GeoLite2-Country.mmdb +* /usr/local/var/GeoIP/GeoLite2-Country.mmdb If you see an error message similar to "Bro was not configured for GeoIP -support", then you either need to rebuild Bro and make sure it is linked -against libmaxminddb or else set the :bro:see:`mmdb_dir`` value -correctly. Normally, if libmaxminddb is installed correctly then it +support", then you need to rebuild Bro and make sure it is linked +against libmaxminddb. Normally, if libmaxminddb is installed correctly then it should automatically be found when building Bro. If this doesn't happen, then you may need to specify the path to the libmaxminddb installation (e.g. ``./configure --with-geoip=``).
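Review bot: in the Mac OS X bullet of the "@@ -42,12 +36,17 @@" hunk, the new text still lists MacPorts and Fink but gives a package name only for Homebrew, so users of the other two lose the hint the removed sentence gave them (libmaxminddb, maxminddb, or libmaxminddb-dev). Either name the package for each package manager that is listed, or keep a short fallback sentence saying the name may differ for the others.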
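Review bot: in the "@@ -64,8 +63,8 @@" hunk, changing "should already exist" to "might already exist" leaves the reader with no step for the case where the directory is missing, and the unchanged context two lines later still says "(choose whichever one already exists)". Suggest adding that the directory needs to be created when none of the listed ones exists, and saying which path to prefer in that case. The unchanged wget line in the same hunk fetches the archive over plain http:// and it is unpacked with no integrity check; while this paragraph is being revised, consider documenting an https URL if the host serves one and a checksum comparison if the provider publishes one, since Bro will parse whatever file ends up in that directory.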
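Review bot: in the "@@ -88,22 +87,23 @@" hunk, the second mention of mmdb_dir ("or if mmdb_dir is not set") is bare text while the first uses the :bro:see: role; mark it up as a literal or repeat the role so both render the same way. The new bullet list also leaves the paths unformatted, whereas the paths in the installation paragraph of this file use double-backtick literals. The added sentence says Bro falls back to the default paths when mmdb_dir is set but no database is found there; it would help to state whether that fallback is reported, because a mistyped mmdb_dir would otherwise load a different database than the operator intended without any visible sign.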