diff --git a/Dockerfile b/Dockerfile
index 19caf6c..cf947c8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,15 @@
 FROM lscr.io/linuxserver/syslog-ng:latest
-LABEL version="20240617.1.5"
+LABEL version="20240617.1.6"
 LABEL description="syslog-ng"
+RUN apk update
+RUN apk upgrade
+
 RUN mkdir -p /config
 COPY config /config
+
+RUN mkdir -p /config/GeoIP
+COPY data/GeoIP/GeoLite2-City.mmdb /config/GeoIP/GeoLite2-City.mmdb
+
+RUN apk add libmaxminddb
diff --git a/config/syslog-ng.conf b/config/syslog-ng.conf
index a32e1d5..5a4268e 100644
--- a/config/syslog-ng.conf
+++ b/config/syslog-ng.conf
@@ -24,6 +24,36 @@ filter f_unifi_wlan { message("wlan:"); };
 parser p_kv { kv-parser(prefix("kv.")); };
 parser p_suricata_json { json-parser(prefix("suricata.")); };
+parser p_fw_src_ip_geoip2_city {
+ geoip2(
+ "${kv.SRC}",
+ prefix( "geoip2." )
+ database( "/config/GeoIP/GeoLite2-City.mmdb" )
+ );
+};
+
+parser p_fw_dst_ip_geoip2_city {
+ geoip2(
+ "${kv.DST}",
+ prefix( "geoip2." )
+ database( "/config/GeoIP/GeoLite2-City.mmdb" )
+ );
+};
+
+parser p_suricata_dest_ip_geoip2_city {
+ geoip2(
+ "${suricata.dest_ip}",
+ prefix( "geoip2." )
+ database( "/config/GeoIP/GeoLite2-City.mmdb" )
+ );
+};
+parser p_suricata_src_ip_geoip2_city {
+ geoip2(
+ "${suricata.src_ip}",
+ prefix( "geoip2." )
+ database( "/config/GeoIP/GeoLite2-City.mmdb" )
+ );
+};
 destination d_local {
 file("/var/log/messages");
@@ -176,6 +206,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_suricata);
 parser(p_suricata_json);
+ parser(p_suricata_src_ip_geoip2_city);
+ parser(p_suricata_dest_ip_geoip2_city);
 destination(d_unifi_suricata);
 flags(final);
 };
@@ -191,6 +223,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_fw_lan);
 parser(p_kv);
+ parser(p_fw_src_ip_geoip2_city);
+ parser(p_fw_dst_ip_geoip2_city);
 destination(d_unifi_firewall);
 flags(final);
 };
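Review bot: `RUN apk add libmaxminddb` at the end of the Dockerfile hunk is unpinned, keeps the apk index in its layer (no `--no-cache`), and together with the separate `RUN apk update` / `RUN apk upgrade` layers on an unpinned `:latest` base makes the image unreproducible from one build to the next. Fold the three into a single step placed before `COPY config /config`, so that config and database changes do not invalidate the package layer: `RUN apk upgrade --no-cache && apk add --no-cache libmaxminddb=<pinned-version>`. `RUN mkdir -p /config/GeoIP` can be dropped, since `COPY` creates the target directory itself. Note also that libmaxminddb is only the lookup library; it is worth confirming that the base image's syslog-ng actually ships the geoip2() parser module, otherwise the configuration added in this commit will fail to load at startup.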
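Review bot: All four new geoip2 parsers write into the same `prefix( "geoip2." )` namespace, so in every log path that runs the src parser followed by the dst parser (the -176 and -191 hunks here, and the -199, -207 and -215 hunks that follow) the second lookup overwrites the first's `geoip2.*` values, and where the second address has no match the fields presumably still carry the first lookup's values, leaving the fields attributable to neither address. Give each role its own namespace, e.g. `prefix( "geoip2.src." )` in p_fw_src_ip_geoip2_city and p_suricata_src_ip_geoip2_city and `prefix( "geoip2.dst." )` in the two dst/dest parsers, and adjust whatever destination templates consume them (not visible in this hunk). The database path is repeated four times; a single `@define` for it would keep the four parsers in step. Since these paths set `flags(final)`, it is also worth confirming that geoip2() does not fail the message for private or unroutable addresses, as a failing parser would stop that message in its log path.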
@@ -199,6 +233,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_fw_wan);
 parser(p_kv);
+ parser(p_fw_src_ip_geoip2_city);
+ parser(p_fw_dst_ip_geoip2_city);
 destination(d_unifi_firewall);
 flags(final);
 };
@@ -207,6 +243,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_fw_dnat);
 parser(p_kv);
+ parser(p_fw_src_ip_geoip2_city);
+ parser(p_fw_dst_ip_geoip2_city);
 destination(d_unifi_firewall);
 flags(final);
 };
@@ -215,6 +253,8 @@ log {
 source(s_network_udp);
 filter(f_unifi_fw_guest);
 parser(p_kv);
+ parser(p_fw_src_ip_geoip2_city);
+ parser(p_fw_dst_ip_geoip2_city);
 destination(d_unifi_firewall);
 flags(final);
 };
diff --git a/docker-compose.yml b/docker-compose.yml
index 32e7b28..a237aa0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,7 @@ services:
 syslog-ng:
 build:
 dockerfile: Dockerfile
- image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240617.1.5
+ image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240617.1.6
 container_name: syslog-ng
 environment:
 - PUID=0