Geoip
LogZilla App Store application: Geoip
Adding GeoIP Lookup
App Function
This app is a supplemental app. It is not stand-alone; it is intended to run after other user-specified apps run. Prior apps will set the SrcIP and DstIP user tags based on their own functioning. Then this app will use geoip lookup for both SrcIP and DstIP and set additional tags with that information.
Incoming Log Format
This app does not process logs. It processes SrcIP and DstIP user tags that are set by other installed apps.
User Tags
| Tagged | Field Name | Example | Description |
|---|---|---|---|
| ☑ | SrcIP City | Atlanta | the city for the IP in SrcIP |
| ☑ | SrcIP State | Georgia | the state or province for the IP in SrcIP |
| ☑ | SrcIP Country | United States | the country for the IP in SrcIP |
| ☑ | DstIP City | Toronto | the city for the IP in DstIP |
| ☑ | DstIP State | Ontario | the state or province for the IP in DstIP |
| ☑ | DstIP Country | Canada | the country for the IP in DstIP |
Note that in some cases the geoip lookup is not able to determine specific location information, in which case usually the country is available but the city and state may not be. The city, state, and if applicable country fields will be set to Unknown for these cases.
HC Tags
HC_TAGS={ "SrcIP City", "DstIP City" }