Version: 6.4

Maxmind

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_ENABLE

The ElastiFlow Unified Flow Collector will attempt to determine attributes associated with the autonomous system to which a public IP address belongs. This setting determines whether this feature is enabled.

  • Valid Values
    • true, false
  • Default
    • false

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_PATH

If enrichment with autonomous system attributes is enabled using lookups in a Maxmind database (EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_ENABLE is true), this setting specifies the path to the Maxmind database.

  • Default
    • /etc/elastiflow/maxmind/GeoLite2-ASN.mmdb

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE

The ElastiFlow Unified Flow Collector will attempt to determine GeoIP attributes associated with a public IP address. This setting determines whether this feature is enabled.

  • Valid Values
    • true, false
  • Default
    • false

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_PATH

If enrichment with GeoIP attributes is enabled using lookups in a Maxmind database (EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE is true), this setting specifies the path to the Maxmind database.

  • Default
    • /etc/elastiflow/maxmind/GeoLite2-City.mmdb

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_VALUES

If enrichment with GeoIP attributes is enabled using lookups in a Maxmind database (EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE is true), this setting specifies the GeoIP attributes from the Maxmind database to be included in the resulting record.

  • Valid Values
    • city, continent, continent_code, country, country_code, location, timezone
  • Default
    • city,country,country_code,location,timezone

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_LANG

If enrichment with GeoIP attributes is enabled using lookups in a Maxmind database (EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE is true), this setting specifies the language to be used for any language-specific values.

  • Valid Values
    • de - German
    • en - English
    • es - Spanish
    • fr - French
    • ja - Japanese
    • pt-BR - Brazilian Portuguese
    • ru - Russian
    • zh-CN - Simplified Chinese
  • Default
    • en

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_PATH

For more control over when enrichment is applied, IP addresses can be included in or excluded from GeoIP enrichment by Autonomous System or CIDR. This setting specifies the path to the file that defines these include/exclude rules.

For more details on the format of this file and the behavior of the include/exclude functionality refer to: Scoping Enrichment with Include/Exclude

  • Default
    • ''
  • Recommended
    • /etc/elastiflow/hostname/incl_excl.yml

EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_REFRESH_RATE

The file specified in EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_PATH can be reloaded automatically to refresh its values without restarting the collector. This setting specifies the interval, in minutes, at which the file is reloaded. A value of 0 disables refreshing.

  • Default
    • 15
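
A pre-flight check for the settings above, as an added example (not ElastiFlow code): it compares the collector's environment against the valid values and defaults documented on this page, so a mistyped attribute or a missing database file is caught before enrichment is relied on for analysis. The function name `check_maxmind_settings` is hypothetical, and the check says nothing about how the collector itself treats an invalid value.

```python
import os

PREFIX = "EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_"
# Defaults and valid values copied from the settings documented on this page.
DEFAULTS = {
    "ASN_ENABLE": "false",
    "ASN_PATH": "/etc/elastiflow/maxmind/GeoLite2-ASN.mmdb",
    "GEOIP_ENABLE": "false",
    "GEOIP_PATH": "/etc/elastiflow/maxmind/GeoLite2-City.mmdb",
    "GEOIP_VALUES": "city,country,country_code,location,timezone",
    "GEOIP_LANG": "en",
    "GEOIP_INCLEXCL_PATH": "",
    "GEOIP_INCLEXCL_REFRESH_RATE": "15",
}
VALID_VALUES = {"city", "continent", "continent_code", "country",
                "country_code", "location", "timezone"}
VALID_LANGS = {"de", "en", "es", "fr", "ja", "pt-BR", "ru", "zh-CN"}


def check_maxmind_settings(env=None, file_exists=os.path.isfile):
    """Hypothetical helper (not part of ElastiFlow): return a list of problems."""
    env = os.environ if env is None else env
    cfg = {k: env.get(PREFIX + k, d) for k, d in DEFAULTS.items()}
    problems = []
    for feature in ("ASN", "GEOIP"):
        enable, path = cfg[feature + "_ENABLE"], cfg[feature + "_PATH"]
        if enable not in ("true", "false"):
            problems.append(f"{PREFIX}{feature}_ENABLE: {enable!r} is not true or false")
        elif enable == "true" and not file_exists(path):
            problems.append(f"{PREFIX}{feature}_PATH: no database file at {path}")
    if cfg["GEOIP_ENABLE"] != "true":
        return problems  # the remaining settings only apply to GeoIP enrichment
    # Assumption: the list is comma-separated; spaces around entries are ignored here.
    unknown = [v.strip() for v in cfg["GEOIP_VALUES"].split(",") if v.strip() not in VALID_VALUES]
    if unknown:
        problems.append(f"{PREFIX}GEOIP_VALUES: unknown attribute(s) {unknown}")
    if cfg["GEOIP_LANG"] not in VALID_LANGS:
        problems.append(f"{PREFIX}GEOIP_LANG: {cfg['GEOIP_LANG']!r} is not a listed language")
    inclexcl = cfg["GEOIP_INCLEXCL_PATH"]
    if inclexcl:  # the refresh rate only matters when an include/exclude file is set
        if not file_exists(inclexcl):
            problems.append(f"{PREFIX}GEOIP_INCLEXCL_PATH: no file at {inclexcl}")
        rate = cfg["GEOIP_INCLEXCL_REFRESH_RATE"]
        if not (rate.isascii() and rate.isdigit()):
            problems.append(f"{PREFIX}GEOIP_INCLEXCL_REFRESH_RATE: {rate!r} is not whole minutes")
    return problems


if __name__ == "__main__":
    print("\n".join(check_maxmind_settings()) or "OK")
```

Run it in the same environment the collector is started with (for example the service's environment file loaded into the shell) so it sees the same variables.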