Improve install/setup instructions for libmaxminddb

Improved install instructions for libmaxminddb and location database.
Improved the explanation of how Bro finds the location database files,
fixed some reST formatting, and fixed a broken link.
Daniel Thayer 2018-08-01 16:01:11 -05:00
parent 021115a6fa
commit 41a5ffa132


@ -10,8 +10,8 @@ GeoLocation
During the process of creating policy scripts the need may arise During the process of creating policy scripts the need may arise
to find the geographic location for an IP address. Bro had support to find the geographic location for an IP address. Bro had support
for the `GeoIP library <http://www.maxmind.com/app/c>`__ at the for the `GeoIP library <http://www.maxmind.com/app/c>`__ at the
policy script level from release 1.3 to 2.5.X to account for this policy script level from release 1.3 to 2.5.x to account for this
need. Starting with release 2.6 GeoIP support requires `libmaxminddb need. Starting with release 2.6, GeoIP support requires `libmaxminddb
<https://github.com/maxmind/libmaxminddb/releases>`__. <https://github.com/maxmind/libmaxminddb/releases>`__.
To use this functionality, you need to first install the libmaxminddb To use this functionality, you need to first install the libmaxminddb
software, and then install the GeoLite2 city database before building software, and then install the GeoLite2 city database before building
@ -19,17 +19,11 @@ GeoLocation
.. contents:: .. contents::
Install libGeoIP Install libmaxminddb
---------------- --------------------
Before building Bro, you need to install libmaxminddb. Before building Bro, you need to install libmaxminddb.
* FreeBSD:
.. console::
sudo pkg install libmaxminddb
* RPM/RedHat-based Linux: * RPM/RedHat-based Linux:
.. console:: .. console::
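Review bot: Renaming the section title from "Install libGeoIP" to "Install libmaxminddb" also changes the anchor that reST derives from the title, so any existing link or cross-reference to the old section anchor will stop resolving. If other pages link to this section, add an explicit label above the heading and point references at that label instead of the title text.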
@ -42,12 +36,17 @@ Before building Bro, you need to install libmaxminddb.
sudo apt-get install libmaxminddb-dev sudo apt-get install libmaxminddb-dev
* FreeBSD:
.. console::
sudo pkg install libmaxminddb
* Mac OS X: * Mac OS X:
You need to install from your preferred package management system You need to install from your preferred package management system
(e.g. MacPorts, Fink, or Homebrew). The name of the package that you need (e.g. Homebrew, MacPorts, or Fink). For Homebrew, the name of the package
may be libmaxminddb, maxminddb, or libmaxminddb-dev, depending on which that you need is libmaxminddb.
package management system you are using.
GeoLite2-City Database Installation GeoLite2-City Database Installation
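Review bot: The rewritten Mac OS X paragraph still lists MacPorts and Fink as options but now gives a package name only for Homebrew, so users of the other two lose the hint the old text gave them (libmaxminddb, maxminddb, or libmaxminddb-dev). Either state the package name for each package manager that is listed, or list only Homebrew.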
@ -64,8 +63,8 @@ the GeoLite2 city binary database:
wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
tar zxf GeoLite2-City.tar.gz tar zxf GeoLite2-City.tar.gz
Next, the file "GeoLite2-City_YYYYMMDD/GeoLite2-City.mmdb" needs to be renamed Next, the file "GeoLite2-City_YYYYMMDD/GeoLite2-City.mmdb" needs to be moved
and put in the GeoIP database directory. This directory should already exist to the GeoIP database directory. This directory might already exist
and will vary depending on which platform and package you are using. For and will vary depending on which platform and package you are using. For
FreeBSD, use ``/usr/local/share/GeoIP``. For Linux, use ``/usr/share/GeoIP`` FreeBSD, use ``/usr/local/share/GeoIP``. For Linux, use ``/usr/share/GeoIP``
or ``/var/lib/GeoIP`` (choose whichever one already exists). or ``/var/lib/GeoIP`` (choose whichever one already exists).
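Review bot: The new wording says the directory "might already exist", but the unchanged sentence at the end of the paragraph still tells Linux users to "choose whichever one already exists", which leaves no instruction for the case where neither ``/usr/share/GeoIP`` nor ``/var/lib/GeoIP`` is present. Say which directory to create in that case. While this paragraph is being touched, note that the ``wget`` line above it fetches the database over plain ``http://`` with no integrity check before the file is placed in a system directory that Bro reads; an ``https://`` URL, if the server offers one, would be worth using here.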
@ -88,22 +87,23 @@ functionality works by running a command like this:
If you see an error message similar to "Failed to open GeoIP location If you see an error message similar to "Failed to open GeoIP location
database", then you may need to either rename or move your GeoIP database", then you may need to either rename or move your GeoIP
location database file. Bro looks for location database files in the location database file. If the :bro:see:`mmdb_dir` value is set to a
following order by default: directory pathname (it is not set by default), then Bro looks for location
database files in that directory. If none are found or if mmdb_dir is not set,
then Bro looks for location database files in the following order:
/usr/share/GeoIP/GeoLite2-City.mmdb * /usr/share/GeoIP/GeoLite2-City.mmdb
/var/lib/GeoIP/GeoLite2-City.mmdb * /var/lib/GeoIP/GeoLite2-City.mmdb
/usr/local/share/GeoIP/GeoLite2-City.mmdb * /usr/local/share/GeoIP/GeoLite2-City.mmdb
/usr/local/var/GeoIP/GeoLite2-City.mmdb * /usr/local/var/GeoIP/GeoLite2-City.mmdb
/usr/share/GeoIP/GeoLite2-Country.mmdb * /usr/share/GeoIP/GeoLite2-Country.mmdb
/var/lib/GeoIP/GeoLite2-Country.mmdb * /var/lib/GeoIP/GeoLite2-Country.mmdb
/usr/local/share/GeoIP/GeoLite2-Country.mmdb * /usr/local/share/GeoIP/GeoLite2-Country.mmdb
/usr/local/var/GeoIP/GeoLite2-Country.mmdb * /usr/local/var/GeoIP/GeoLite2-Country.mmdb
If you see an error message similar to "Bro was not configured for GeoIP If you see an error message similar to "Bro was not configured for GeoIP
support", then you either need to rebuild Bro and make sure it is linked support", then you need to rebuild Bro and make sure it is linked
against libmaxminddb or else set the :bro:see:`mmdb_dir`` value against libmaxminddb. Normally, if libmaxminddb is installed correctly then it
correctly. Normally, if libmaxminddb is installed correctly then it
should automatically be found when building Bro. If this doesn't should automatically be found when building Bro. If this doesn't
happen, then you may need to specify the path to the libmaxminddb happen, then you may need to specify the path to the libmaxminddb
installation (e.g. ``./configure --with-geoip=<path>``). installation (e.g. ``./configure --with-geoip=<path>``).
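Review bot: In the added sentence "If none are found or if mmdb_dir is not set", the second mention of mmdb_dir is bare text while the first uses the :bro:see: role; mark it up the same way or as an inline literal so the two read consistently. The same paragraph still says "rename or move your GeoIP location database file", although the install section in this commit now says only "moved"; if renaming applies only when the filename differs from the ones in the list, say so, otherwise drop "rename" here too. The search paths were also changed from an indented block to bullets, so wrapping each path in double backticks would keep them rendered as literals.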