Maxmind GeoIP¶
Corelight physical and virtual sensors include a GeoIP database and are not updated with Corelight-update. This section only applies to Micro Sensors (version 1.x Software Sensors).
You can sign up for free and get a license key from https://www.maxmind.com/en/geolite2/signup.
Once you have an AccountID and LicenseKey, enter them in the geoip
configuration below. You can also edit the GeoIP
advanced configuration if you want to change additional settings. The GeoIP advanced configuration is in the Global
Configuration and Policy settings file located here: /etc/corelight-update/global/config.yaml
GeoIP settings¶
Tip
If you are running Corelight-update on the same host as a Corelight Micro Sensor, the default location the
sensor looks for the GeoIP database is /usr/share/GeoIP/
The GeoIP settings:
geoip: account_id: 0 license_key: "" database_directory: "/var/corelight-update/files/all/geoip"
Maxmind configuration settings¶
If you need to change more settings than listed above, you can edit the Maxmind configuration file as needed.
Tip
The Maxmind configuration file is located here: /etc/corelight-update/global/GeoIP.conf