Skip to content

add support for geolocation #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
monrax merged 5 commits into from
Aug 29, 2025
Merged

add support for geolocation #7

monrax merged 5 commits into from
Aug 29, 2025

Conversation

@monrax
Copy link
Collaborator

@monrax monrax commented Jun 30, 2025

Add support for geolocation through:

  1. Direct download at init time
  2. Cronjob using maxmind/geoip to update databases periodically

@monrax monrax changed the title Feat/geo add support for geolocation Jun 30, 2025
alix-graylog
alix-graylog reviewed Jun 30, 2025
View reviewed changes
Copy link
Collaborator

@alix-graylog alix-graylog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, thanks for adding this!

graylog/templates/geoip.yaml
apiVersion: v1
kind: Secret
metadata:
name: {{ $geoSecretName }}
Copy link
Collaborator

@alix-graylog alix-graylog Jun 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this for the Maxmind api key?

Copy link
Collaborator Author

@monrax monrax Aug 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yup! Both api key and account id

graylog/values.yaml Outdated
protocol: TCP
plugins:
myPluginA:
url: "https://someurl/myplugin.jar"
Copy link
Collaborator

@alix-graylog alix-graylog Jun 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this to allow for downloading of 3rd party plugins?

Copy link
Collaborator Author

@monrax monrax Aug 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, but this values schema has been updated. See #6 for more details

@williamtrelawny
Copy link
Collaborator

williamtrelawny commented Aug 5, 2025

@monrax can you please address Alix's questions above when you get a chance?

@monrax monrax requested a review from alix-graylog August 20, 2025 13:26
@monrax
Copy link
Collaborator Author

monrax commented Aug 20, 2025

I just updated this branch, and rebased on top of feat/plugins, please take a look at PR #6 before attempting to merge this one.

This PR introduces support for the Graylog Geolocation Processor by fetching the mmdb files using MaxMind's GeoIp Update container as a CronJob. This is the recommended way to fetch mmdb files and keep them up to date. In order to test this, you will need a MaxMind GeoLite account. Once you have that, you will need to generate a new API key at https://www.maxmind.com/en/accounts//license-key -- then you just need to run:

helm upgrade graylog ./graylog -n graylog --reuse-values --set graylog.config.geolocation.enabled=true \
--set graylog.config.geolocation.maxmindGeoIp.enabled=true \
--set graylog.config.geolocation.maxmindGeoIp.accountId="<YOUR-MAXMIND-ACCOUNT-ID-HERE>" \
--set graylog.config.geolocation.maxmindGeoIp.licenseKey="<YOUR-MAXMIND-LICENSE-KEY-HERE>"

to perform the upgrade.

Another method is also available: given the URL of an .mmdb file available in a remote location, and a SHA256 hash of that file, by specifying both the url and checksum fields for a given geolocation database under graylog.config.geolocation.mmdbSources.{city|asn}, the copy-data init container will fetch the mmdb resource and check if the hashes match, and if so it will copy the file to the main application data/geolocation directory (mounted at /mnt/data/geolocation in the init container, and /usr/share/graylog/data/geolocation in the main graylog container).

Both methods have been tested in both microk8s and EKS.

@monrax monrax marked this pull request as draft August 20, 2025 17:19
@monrax
Copy link
Collaborator Author

monrax commented Aug 20, 2025

Turning this into a draft PR until #6 is merged.

@monrax monrax marked this pull request as ready for review August 25, 2025 11:18
alix-graylog
alix-graylog approved these changes Aug 28, 2025
View reviewed changes
Copy link
Collaborator

@alix-graylog alix-graylog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was able to test this one. Everything from what I can see is working as expected.

@monrax monrax merged commit fd3ea58 into main Aug 29, 2025
1 check passed
@monrax monrax deleted the feat/geo branch December 5, 2025 11:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@williamtrelawny williamtrelawny williamtrelawny left review comments

@alix-graylog alix-graylog alix-graylog approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@monrax @williamtrelawny @alix-graylog