# XDR Splunk Maxmind Notes

Notes on the Maxmind GeoIP download.

:warning: Free MaxMind only updates monthly!

## Setup

Download the geoipupdate RPM, confirm its MD5 matches the value recorded here, then install it (the `#` before `md5sum` was a root prompt):

```sh
wget https://github.com/maxmind/geoipupdate/releases/download/v4.3.0/geoipupdate_4.3.0_linux_amd64.rpm

md5sum geoipupdate_4.3.0_linux_amd64.rpm
# expected: 1ec84d6ef19075c8acbbac9552e15ebe  geoipupdate_4.3.0_linux_amd64.rpm

yum localinstall geoipupdate_4.3.0_linux_amd64.rpm
```

Edit the config file at `/etc/GeoIP.conf` and set the edition to download (the `DatabaseDirectory` lines are the stock comments from that file, left at their default):

```
EditionIDs GeoLite2-City

# The directory to store the database files. Defaults to /usr/share/GeoIP
# DatabaseDirectory /usr/share/GeoIP
```

## cronjob

Runs geoipupdate at 13:02 every Saturday; `MAILTO` sends any output, errors included, to the address given.

```
# top of crontab
MAILTO=your@email.com

2 13 * * 6 /bin/geoipupdate
# end of crontab
```
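As an added helper that is not part of these notes: a small POSIX shell script that verifies the downloaded RPM's MD5 against the value recorded above, and checks whether the database the cron job is meant to refresh has gone stale, so a silently broken cron entry is noticed. The 35-day threshold and the `GeoLite2-City.mmdb` path under the default `DatabaseDirectory` are assumptions; `stat -c` and `touch -d` are GNU coreutils.

```shell
#!/bin/sh
# Added helper, not part of the original notes. Assumes GNU coreutils
# (stat -c, touch -d) and that GeoLite2-City.mmdb lives in the
# DatabaseDirectory from /etc/GeoIP.conf (default /usr/share/GeoIP).

# verify_md5 FILE EXPECTED -> returns 0 only if FILE's MD5 equals EXPECTED.
# Run it on the downloaded RPM before `yum localinstall`; a mismatch means
# a corrupt or substituted download, so stop there.
verify_md5() {
    actual=$(md5sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$2" ]
}

# db_age_days FILE -> prints FILE's age in whole days, taken from its mtime.
db_age_days() {
    now=$(date +%s)
    mtime=$(stat -c %Y "$1")
    echo $(( (now - mtime) / 86400 ))
}

# db_is_stale FILE MAX_DAYS -> returns 0 (stale) if FILE is missing or
# older than MAX_DAYS. Free GeoLite2 data changes monthly and the cron
# job runs weekly, so a database older than ~35 days (assumed threshold)
# means geoipupdate has stopped running or is failing silently.
db_is_stale() {
    [ -f "$1" ] || return 0
    [ "$(db_age_days "$1")" -gt "$2" ]
}

# Usage: sh geoip_check.sh /usr/share/GeoIP/GeoLite2-City.mmdb [MAX_DAYS]
# Exits 2 on a stale database so a monitoring job (or cron MAILTO) sees it.
if [ -n "$1" ]; then
    db=$1
    max_days=${2:-35}
    if db_is_stale "$db" "$max_days"; then
        echo "STALE: $db missing or older than $max_days days; check geoipupdate/cron" >&2
        exit 2
    fi
    echo "OK: $db last updated $(db_age_days "$db") day(s) ago"
fi
```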