Maxmind
EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_ENABLE
NetObserv Flow will attempt to determine attributes associated with the autonomous system to which a public IP address belongs. This setting determines whether this feature is enabled.
- Valid Values
true
,false
- Default
false
EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_PATH
If enrichment with autonomous system attributes is enabled using lookups in a Maxmind database (EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_ENABLE
is true
), this setting specifies the path to the Maxmind database.
- Default
/etc/elastiflow/maxmind/GeoLite2-ASN.mmdb
EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE
NetObserv Flow will attempt to determine GeoIP attributes associated with a public IP address. This setting determines whether this feature is enabled.
- Valid Values
true
,false
- Default
false
EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_PATH
If enrichment with GeoIP attributes is enabled using lookups in a Maxmind database (EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE
is true
), this setting specifies the path to the Maxmind database.
- Default
/etc/elastiflow/maxmind/GeoLite2-City.mmdb
EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_VALUES
If enrichment with GeoIP attributes is enabled using lookups in a Maxmind database (EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE
is true
), this setting specifies the GeoIP attributes from the Maxmind database to be included in the resulting record.
- Valid Values
city
,continent
,continent_code
,country
,country_code
,location
,timezone
- Default
city,country,country_code,location,timezone