geoip

Dockerfile

@@ -12,8 +12,8 @@ RUN apt-get -y install syslog-ng syslog-ng-core syslog-ng-mod-add-contextual-dat
 RUN mkdir /config
 COPY config /config
 
-RUN mkdir -p /config/GeoIP
+RUN mkdir -p /usr/local/share/GeoIP
-COPY data/GeoIP/GeoLite2-City.mmdb /config/GeoIP/GeoLite2-City.mmdb
+COPY data/GeoIP/GeoLite2-City.mmdb /usr/local/share/GeoIP/GeoLite2-City.mmdb
 
 RUN unlink /etc/localtime && ln -s /usr/share/zoneinfo/America/Indiana/Indianapolis /etc/localtime
 

config/syslog-ng.conf.d/bind-dns.conf

@@ -51,7 +51,7 @@ parser p_bind_client_ip_geoip2_city {
   geoip2(
     "${bind9.client.ip}",
     prefix( "geoip2.source." )
-    database( "GeoIP/GeoLite2-City.mmdb" )
+    database( "/usr/local/share/GeoIP/GeoLite2-City.mmdb" )
   );
 };
 

config/syslog-ng.conf.d/nginx.conf

@@ -40,7 +40,7 @@ parser p_nginx_client_ip_geoip2_city {
   geoip2(
     "${nginx.client.ip}",
     prefix( "geoip2.source." )
-    database( "GeoIP/GeoLite2-City.mmdb" )
+    database( "/usr/local/share/GeoIP/GeoLite2-City.mmdb" )
   );
 };
 

config/syslog-ng.conf.d/unifi.conf

@@ -20,7 +20,7 @@ parser p_fw_src_ip_geoip2_city {
   geoip2(
     "${kv.SRC}",
     prefix( "geoip2.source." )
-    database( "GeoIP/GeoLite2-City.mmdb" )
+    database( "/usr/local/share/GeoIP/GeoLite2-City.mmdb" )
   );
 };
 
@@ -28,7 +28,7 @@ parser p_fw_dst_ip_geoip2_city {
   geoip2(
     "${kv.DST}",
     prefix( "geoip2.destination." )
-    database( "GeoIP/GeoLite2-City.mmdb" )
+    database( "/usr/local/share/GeoIP/GeoLite2-City.mmdb" )
   );
 };
 
@@ -36,7 +36,7 @@ parser p_suricata_dest_ip_geoip2_city {
   geoip2(
     "${suricata.dest_ip}",
     prefix( "geoip2.destination." )
-    database( "GeoIP/GeoLite2-City.mmdb" )
+    database( "/usr/local/share/GeoIP/GeoLite2-City.mmdb" )
   );
 };
 
@@ -44,7 +44,7 @@ parser p_suricata_src_ip_geoip2_city {
   geoip2(
     "${suricata.src_ip}",
     prefix( "geoip2.source." )
-    database( "GeoIP/GeoLite2-City.mmdb" )
+    database( "/usr/local/share/GeoIP/GeoLite2-City.mmdb" )
   );
 };