Maxmind doesnt now have GeoIP ASN DB as new format

[hilmiesen]

Now, Maxmind does not have GeoIP ASN DB as a new format called GeoIPLite2.

Geoip ASN DB is still legacy format. Becouse of usage geoip legacy format, we should choose which geo ip format: GeoIP or GeoIP2.

Could you bring a new parameter that choosing geoip format?

[eht16]

I was quite surprised when I updated Logstash today to 2.4.0 and experienced a crash because the geoip filter couldn't read the legacy Geoip database any longer. Only then I noticed that now the Geoip2 database format is required.
Either I missed a hint in the former release notes or there was none.
Even the docs at https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html still say that the legacy format has to be used.

Anyway, in general I support the switch to the new database format.
Except that now the ASN database is not supported anymore.

I think @hilmiesen's suggestion could solve the problem, i.e. supporting both formats.
I know this makes the code more complex and harder to maintain but it would keep a now missing feature in the filter.

[jordansissel]

Sounds like we should roll back geoip2 support until Logstash 5 where we
can break backwards Conor.

On Monday, September 5, 2016, Enrico Tröger notifications@github.com
wrote:

I was quite surprised when I updated Logstash today to 2.4.0 and
experienced a crash because the geoip filter couldn't read the legacy Geoip
database any longer. Only then I noticed that now the Geoip2 database
format is required.
Either I missed a hint in the former release notes or there was none.
Even the docs at https://www.elastic.co/guide/en/logstash/current/plugins-
filters-geoip.html still say that the legacy format has to be used.

Anyway, in general I support the switch to the new database format.
Except that now the ASN database is not supported anymore.

I think @hilmiesen https://github.com/hilmiesen's suggestion could
solve the problem, i.e. supporting both formats.
I know this makes the code more complex and harder to maintain but it
would keep a now missing feature in the filter.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#96 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAIC6uY1aiUomXJgcyu6uM7hfLsRpWrVks5qnHmxgaJpZM4Jzoei
.

[untergeek]

While I agree with making previously available functionality still available, I suggest making a geoipv1 plugin instead, that only uses the old GeoIP v1 database. A rollback now would cause bigger headaches than a separate plugin dedicated to v1, in my opinion.

[eht16]

Having a new geoipv1 plugin sounds nice as well. This way users can choose which database version they want to use or even can combine both versions easily and cleanly.

[dwasss]

I also would like to get the AS Number data in addition to geolocation, which is only available in the legacy database but that is not supported in the updated geoip plugin. Ideally, MaxMind would include the ASNUM data in their free GeoLite2 databases but this feature is a value add. +1 on the idea of a geoipv1 plugin!

[eht16]

I still miss the ASN database :(.

I would work on a geoipv1 plugin on myself but I have no idea Ruby and even less about the whole packaging work around. It would probably cause more work at reviewing than if it would do someone who knows the game :).

[tomsommer]

ASN is part of the MaxMind GeoIP2-ISP database now, which is currently not supported either: #91

[jordansissel]

@tomsommer Good eye. I don't remember seeing this before -- https://www.maxmind.com/en/geoip2-isp-database

[sh4t]

Is the paid-for database going to be supported?

[sh4t]

@jordansissel bump bump :) I'll bring this up at Elastic{ON} if it isn't worked out prior :) not having ASN data is a mess; debating rolling back to logstash 2.x ;/

[glmrenard]

I just have the same issue with logstash 5.1.2. Any news on it ?

[suyograo]

We are gonna look at this soon. We are busy the next 2 weeks with our user conference, but we will start working on it soon after. Thanks for your patience.

[SMAPPER]

This has been a core problem with us since upgrading to version 5. We use ASN extensively. If either a v1 plugin or even support for the commercial ASN database is provided I would be eternally grateful.

[jordansissel]

Closing this in favor of #91 (same request).

[acchen97]

An update for those encountering this: we now have a plan for resolving ISP and ASN lookups. Feel free to provide additional feedback on this issue #110.