Discussion:
Building Geo Map using Queries
Blason R
2018-06-09 14:33:53 UTC
Hi There,

I have a DNS RPZ server running and have configured Logstash on the same to
parse the DNS RPZ logs.

My requirement is that I need to build a Geo Map based on the DNS responses. Any
idea how that can be achieved? Or I need to know which country the requests were
made from, and any other idea the community can suggest?
Ed Daniel
2018-06-09 15:38:02 UTC
http://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html

HTH,
Ed.
Vadim Pavlov via bind-users
2018-06-10 04:55:27 UTC
Hi Blason,

You can use MaxMind GeoIP DB and enrich logs with data you need.

Vadim
Blason R
2018-06-10 05:15:22 UTC
Thanks!

Any particular use case or configuration you would like to suggest?
Vadim Pavlov via bind-users
2018-06-10 05:30:33 UTC
Nope. YMMV depending on your requirements.

I did it a while ago but I've just parsed the query logs with my script and stored logs in MySQL + used google maps to show it (http://dnsstat.ipvm.biz/ and a funny video: ).
I needed more details so I've used "whois" + RIPE DB.

AFAIK Splunk (even with free tier) provides such ability. You may use some other providers like DomainTools as well.

Vadim
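
An added sketch of the enrichment suggested in this thread (not code from any poster, BIND or Logstash): it pulls the client address out of RPZ rewrite log lines and counts hits per country, which is the data a geo map needs. The log lines, the prefix-to-country table standing in for a MaxMind database, and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed stand-in for a MaxMind country database: documentation prefixes
# mapped to arbitrary country codes so the example runs offline.
SAMPLE_GEO = {
    ipaddress.ip_network("198.51.100.0/24"): "DE",
    ipaddress.ip_network("203.0.113.0/24"): "IN",
}

# Client address, query name and policy action of a BIND RPZ rewrite line.
RPZ_LINE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): rpz \S+ (?P<action>\S+) rewrite"
)

# Constructed sample lines (assumed layout of BIND 9 "rpz" category logging).
SAMPLE_LOG = """\
09-Jun-2018 14:33:53.101 rpz: info: client @0x7f2a1c0a 198.51.100.7#40112 (bad.example): rpz QNAME NXDOMAIN rewrite bad.example/A/IN via bad.example.rpz.local
09-Jun-2018 14:33:54.220 rpz: info: client @0x7f2a1c0b 203.0.113.20#51200 (ads.example): rpz QNAME NODATA rewrite ads.example/A/IN via ads.example.rpz.local
09-Jun-2018 14:33:55.007 rpz: info: client @0x7f2a1c0c 198.51.100.9#33001 (bad.example): rpz QNAME NXDOMAIN rewrite bad.example/AAAA/IN via bad.example.rpz.local
09-Jun-2018 14:33:56.450 rpz: info: client @0x7f2a1c0d 10.1.2.3#5353 (bad.example): rpz QNAME NXDOMAIN rewrite bad.example/A/IN via bad.example.rpz.local
09-Jun-2018 14:33:57.000 general: info: zone rpz.local/IN: loaded serial 42
"""


def lookup_country(ip):
    """Return a country code, 'internal' for non-routable space, else 'unknown'."""
    for net, country in SAMPLE_GEO.items():
        if ip in net:
            return country
    # A database miss in resolver logs is often an RFC 1918 client; keep it apart.
    return "internal" if ip.is_private else "unknown"


def count_by_country(log_text):
    """Count RPZ rewrites per client country; non-RPZ lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = RPZ_LINE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field
        counts[lookup_country(ip)] += 1
    return counts
```

With a real GeoIP database, only `lookup_country()` changes; clients on private address space will still miss the database, so they are counted separately rather than plotted.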