github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-06-29 02:03:30 -04:00
Code Issues Projects Releases Packages Wiki Activity
logstash/docs/static/geoip-database-management/configuring.asciidoc
Ry Biesemeyer 51886b9102
geoip: extract database manager to stand-alone feature (#15348) 
* geoip: extract database manager to stand-alone feature

Introduces an Elastic-licensed GeoipDatabaseManagement tool that can be used
by ANY plugin running on Elastic-licensed Logstash to retrieve a subscription
to a GeoIP database that ensures EULA-compliance and frequent updates, and
migrates the previous Elastic-licensed code-in-Logstash-core extension to
the Geoip Filter to use this new tool, requiring ZERO changes to in-the-wild
versions of the plugin.

The implementation of the new tool follows the previous implementation as
closely as possible, but presents a new interface that ensures that a
consumer can ATOMICALLY subscribe to a database path without risk that the
subscriber will receive an update or expiry before it is finished applying
the initial value:

~~~ ruby
geoip_manager = LogStash::GeoipDatabaseManagement::Manager.instance
subscription = geoip_manager.subscribe('City')

subscription.observe(construct: ->(initial_dbinfo){ },
                     on_update: ->(updated_dbinfo){ },
                     on_expire: ->(       _      ){ })

subscription.release!
~~~

* docs: link in geoip database manager docs

* docs: reorganize pending 'geoip database management' feature

* docs: link to geoip pages from feature index

* geoip: add SubscriptionObserver "interface"

simplifies using Subscription#observe from Java

* geoip: fixup SubscriptionObserver after rename

* geoip: quacking like a SubscriptionObserver is enough

* geoip: simplify constants of legacy geoip filter extension

* geoip: bump logging level to debug for non-actionable log

* geoip: refine log message to omit non-actionable info

* re-enable invokedynamic (was disabled to avoid upstream bug)

* geoip: resolve testing fall-out from filter extension's "private" constants removal

* geoip: consistently use `DataPath#resolve` internally, too
2023-11-06 09:22:23 -08:00

68 lines
2.2 KiB
Text
Raw Blame History

[role="xpack"]
[[configuring-geoip-database-management]]
=== Configure GeoIP Database Management
To configure
<<logstash-geoip-database-management>>:
. Verify that you are using a license that includes the geoip database management
feature.
+
--
For more information, see https://www.elastic.co/subscriptions and
{kibana-ref}/managing-licenses.html[License management].
--
. Specify
<<geoip-database-management-settings,geoip database management settings>> in the
`logstash.yml` file to tune the configuration as-needed.
include::../settings/geoip-database-management-settings.asciidoc[]
[[configuring-geoip-database-management-offline]]
==== Offline and air-gapped environments
If Logstash does not have access to the internet, or if you want to disable the database manager, set the `xpack.geoip.downloader.enabled` value to `false` in `logstash.yml`.
When the database manager is disabled, plugins that require GeoIP lookups must be configured with their own source of GeoIP databases.
===== Using an HTTP proxy
If you can't connect directly to the Elastic GeoIP endpoint, consider setting up an HTTP proxy server.
You can then specify the proxy with `http_proxy` environment variable.
[source,sh]
----
export http_proxy="http://PROXY_IP:PROXY_PORT"
----
===== Using a custom endpoint
If you work in an air-gapped environment and can't update your databases from the Elastic endpoint,
You can then download databases from MaxMind and bootstrap the service.
. Download both `GeoLite2-ASN.mmdb` and `GeoLite2-City.mmdb` database files from the
http://dev.maxmind.com/geoip/geoip2/geolite2[MaxMind site].
. Copy both database files to a single directory.
. https://www.elastic.co/downloads/elasticsearch[Download {es}].
. From your {es} directory, run:
+
[source,sh]
----
./bin/elasticsearch-geoip -s my/database/dir
----
. Serve the static database files from your directory. For example, you can use
Docker to serve the files from nginx server:
+
[source,sh]
----
docker run -p 8080:80 -v my/database/dir:/usr/share/nginx/html:ro nginx
----
. Specify the service's endpoint URL in Logstash using the
`xpack.geoip.download.endpoint=http://localhost:8080/overview.json` setting in `logstash.yml`.
Logstash gets automatic updates from this service.
Reference in a new issue View git blame Copy permalink