iac
/
syslog-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

a stab at injecting geoip data

This commit is contained in:
Kameron Kenny 2024-06-17 16:12:45 -04:00
parent 008ee6d539
commit e602527d46
No known key found for this signature in database
GPG Key ID: E5006629839D2276
3 changed files with 50 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Dockerfile
View File

@ -1,7 +1,15 @@
FROM lscr.io/linuxserver/syslog-ng:latest
LABEL version="20240617.1.5"
LABEL version="20240617.1.6"
LABEL description="syslog-ng"
RUN apk update
RUN apk upgrade
RUN mkdir -p /config
COPY config /config
RUN mkdir -p /config/GeoIP
COPY data/GeoIP/GeoLite2-City.mmdb /config/GeoIP/GeoLite2-City.mmdb
RUN apk add libmaxminddb

40
config/syslog-ng.conf
View File

@ -24,6 +24,36 @@ filter f_unifi_wlan { message("wlan:"); };
parser p_kv { kv-parser(prefix("kv.")); };
parser p_suricata_json { json-parser(prefix("suricata.")); };
parser p_fw_src_ip_geoip2_city {
geoip2(
"${kv.SRC}",
prefix( "geoip2." )
database( "/config/GeoIP/GeoLite2-City.mmdb" )
);
};
parser p_fw_dst_ip_geoip2_city {
geoip2(
"${kv.DST}",
prefix( "geoip2." )
database( "/config/GeoIP/GeoLite2-City.mmdb" )
);
};
parser p_suricata_dest_ip_geoip2_city {
geoip2(
"${suricata.dest_ip}",
prefix( "geoip2." )
database( "/config/GeoIP/GeoLite2-City.mmdb" )
);
};
parser p_suricata_src_ip_geoip2_city {
geoip2(
"${suricata.src_ip}",
prefix( "geoip2." )
database( "/config/GeoIP/GeoLite2-City.mmdb" )
);
};
destination d_local {
file("/var/log/messages");
@ -176,6 +206,8 @@ log {
source(s_network_udp);
filter(f_unifi_suricata);
parser(p_suricata_json);
parser(p_suricata_src_ip_geoip2_city);
parser(p_suricata_dest_ip_geoip2_city);
destination(d_unifi_suricata);
flags(final);
};
@ -191,6 +223,8 @@ log {
source(s_network_udp);
filter(f_unifi_fw_lan);
parser(p_kv);
parser(p_fw_src_ip_geoip2_city);
parser(p_fw_dst_ip_geoip2_city);
destination(d_unifi_firewall);
flags(final);
};
@ -199,6 +233,8 @@ log {
source(s_network_udp);
filter(f_unifi_fw_wan);
parser(p_kv);
parser(p_fw_src_ip_geoip2_city);
parser(p_fw_dst_ip_geoip2_city);
destination(d_unifi_firewall);
flags(final);
};
@ -207,6 +243,8 @@ log {
source(s_network_udp);
filter(f_unifi_fw_dnat);
parser(p_kv);
parser(p_fw_src_ip_geoip2_city);
parser(p_fw_dst_ip_geoip2_city);
destination(d_unifi_firewall);
flags(final);
};
@ -215,6 +253,8 @@ log {
source(s_network_udp);
filter(f_unifi_fw_guest);
parser(p_kv);
parser(p_fw_src_ip_geoip2_city);
parser(p_fw_dst_ip_geoip2_city);
destination(d_unifi_firewall);
flags(final);
};

2
docker-compose.yml
View File

@ -10,7 +10,7 @@ services:
syslog-ng:
build:
dockerfile: Dockerfile
image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240617.1.5
image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240617.1.6
container_name: syslog-ng
environment:
- PUID=0