diff --git a/Dockerfile b/Dockerfile
index f8dc718..659d19e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 FROM debian:latest
 MAINTAINER Kameron Kenny
-LABEL version="20240618.1.6"
+LABEL version="20240618.1.7"
 LABEL description="Debian Based syslog-ng"
 RUN apt-get update
diff --git a/config/syslog-ng.conf b/config/syslog-ng.conf
index 38fad1d..1b43cee 100644
--- a/config/syslog-ng.conf
+++ b/config/syslog-ng.conf
@@ -24,36 +24,36 @@ filter f_unifi_wlan { message("wlan:"); };
 parser p_kv { kv-parser(prefix("kv.")); };
 parser p_suricata_json { json-parser(prefix("suricata.")); };
-#parser p_fw_src_ip_geoip2_city {
-# geoip2(
-# "${kv.SRC}",
-# prefix( "geoip2." )
-# database( "/config/GeoIP/GeoLite2-City.mmdb" )
-# );
-#};
+parser p_fw_src_ip_geoip2_city {
+ geoip2(
+ "${kv.SRC}",
+ prefix( "geoip2.source." )
+ database( "/config/GeoIP/GeoLite2-City.mmdb" )
+ );
+};
-#parser p_fw_dst_ip_geoip2_city {
-# geoip2(
-# "${kv.DST}",
-# prefix( "geoip2." )
-# database( "/config/GeoIP/GeoLite2-City.mmdb" )
-# );
-#};
+parser p_fw_dst_ip_geoip2_city {
+ geoip2(
+ "${kv.DST}",
+ prefix( "geoip2.destination." )
+ database( "/config/GeoIP/GeoLite2-City.mmdb" )
+ );
+};
-#parser p_suricata_dest_ip_geoip2_city {
-# geoip2(
-# "${suricata.dest_ip}",
-# prefix( "geoip2." )
-# database( "/config/GeoIP/GeoLite2-City.mmdb" )
-# );
-#};
-#parser p_suricata_src_ip_geoip2_city {
-# geoip2(
-# "${suricata.src_ip}",
-# prefix( "geoip2." )
-# database( "/config/GeoIP/GeoLite2-City.mmdb" )
-# );
-#};
+parser p_suricata_dest_ip_geoip2_city {
+ geoip2(
+ "${suricata.dest_ip}",
+ prefix( "geoip2.destination." )
+ database( "/config/GeoIP/GeoLite2-City.mmdb" )
+ );
+};
+parser p_suricata_src_ip_geoip2_city {
+ geoip2(
+ "${suricata.src_ip}",
+ prefix( "geoip2.source." )
+ database( "/config/GeoIP/GeoLite2-City.mmdb" )
+ );
+};
 destination d_local {
 file("/var/log/messages");
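Review bot: The four geoip2() parsers are now live, so syslog-ng's startup depends on the geoip2 module being present in the image and on `/config/GeoIP/GeoLite2-City.mmdb` being mounted and readable; nothing in this diff provides either (the Dockerfile hunk is only a version bump), and if one is missing the config presumably fails to load and takes every log path down, not just the enriched ones. A comment above the first parser stating the requirement would help operators: `# Requires the syslog-ng geoip2 module and a mounted GeoLite2-City.mmdb; syslog-ng will not start without them.` The database path is repeated four times; a single `@define geoip_db "/config/GeoIP/GeoLite2-City.mmdb"` at the top of the file, referenced by backtick substitution in each parser, keeps them from drifting apart. As far as I know the mmdb is opened at startup/reload, so a refreshed GeoLite2 file on disk needs a syslog-ng reload before lookups use it; worth stating in the same comment.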
@@ -206,8 +206,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_suricata);
 parser(p_suricata_json);
-# parser(p_suricata_src_ip_geoip2_city);
-# parser(p_suricata_dest_ip_geoip2_city);
+ parser(p_suricata_src_ip_geoip2_city);
+ parser(p_suricata_dest_ip_geoip2_city);
 destination(d_unifi_suricata);
 flags(final);
 };
@@ -223,8 +223,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_fw_lan);
 parser(p_kv);
-# parser(p_fw_src_ip_geoip2_city);
-# parser(p_fw_dst_ip_geoip2_city);
+ parser(p_fw_src_ip_geoip2_city);
+ parser(p_fw_dst_ip_geoip2_city);
 destination(d_unifi_firewall);
 flags(final);
 };
@@ -233,8 +233,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_fw_wan);
 parser(p_kv);
-# parser(p_fw_src_ip_geoip2_city);
-# parser(p_fw_dst_ip_geoip2_city);
+ parser(p_fw_src_ip_geoip2_city);
+ parser(p_fw_dst_ip_geoip2_city);
 destination(d_unifi_firewall);
 flags(final);
 };
@@ -243,8 +243,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_fw_dnat);
 parser(p_kv);
-# parser(p_fw_src_ip_geoip2_city);
-# parser(p_fw_dst_ip_geoip2_city);
+ parser(p_fw_src_ip_geoip2_city);
+ parser(p_fw_dst_ip_geoip2_city);
 destination(d_unifi_firewall);
 flags(final);
 };
@@ -253,8 +253,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_fw_guest);
 parser(p_kv);
-# parser(p_fw_src_ip_geoip2_city);
-# parser(p_fw_dst_ip_geoip2_city);
+ parser(p_fw_src_ip_geoip2_city);
+ parser(p_fw_dst_ip_geoip2_city);
 destination(d_unifi_firewall);
 flags(final);
 };
diff --git a/docker-compose.yml b/docker-compose.yml
index 9cc98df..4e7cc4d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,7 @@ services:
 syslog-ng:
 build:
 dockerfile: Dockerfile
- image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240618.1.6
+ image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240618.1.7
 container_name: syslog-ng
 # environment:
 #- PUID=0
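Review bot: The suricata path now writes `geoip2.source.*` and `geoip2.destination.*` keys, the same key layout the firewall paths produce, but the parser names disagree between the two families (`p_suricata_dest_ip_geoip2_city` here versus `p_fw_dst_ip_geoip2_city` in the firewall paths), which makes it easy to reference the wrong one when the next path is added. Renaming one family so both use `dst` or both use `dest` would remove that trap; if a rename is out of scope, a comment on this path pointing out that the output keys are identical to the firewall ones — so `d_unifi_suricata` and `d_unifi_firewall` templates can be shared — is the minimum: `# geoip2.source.* / geoip2.destination.* use the same key layout as the p_fw_* lookups`. The enclosing `log { ... }` block starts before the hunk.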
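Review bot: The same two-line parser pair is pasted into four log paths (this hunk at 223 and the ones at 233, 243 and 253), so any future change to the lookup order or a third enrichment has to be repeated in four places and can silently diverge. syslog-ng's reusable `block parser` construct could wrap the pair once, with the block's channel calling `parser(p_fw_src_ip_geoip2_city)` then `parser(p_fw_dst_ip_geoip2_city)`, so each path references a single `parser(p_fw_geoip())`; I would confirm the block syntax against the installed syslog-ng version before relying on it. Each of these paths also depends on `p_kv` having extracted `SRC`/`DST` from the message, and a message without that pair presumably just gets no geoip2 fields, which is worth a one-line comment where the parsers are enabled: `# geoip2 lookups key off ${kv.SRC}/${kv.DST} set by p_kv above`. The enclosing `log { ... }` block starts before each of these hunks.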