https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412790#M118959 <P>Thanks, but I need to put my <EM>own IPs</EM> into the database, as explained in Customizing-Maxmind-IP-Geo-DB-for-<EM>Internal-Networks</EM></P> Mon, 20 Aug 2018 07:27:39 GMT graether 2018-08-20T07:27:39Z https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412788#M118957 <P>Hello,</P> <P>I applied successfully the tool at </P> <P>github Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks</P> <P><A href="https://github.com/threatstream/mhn/wiki/Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks">https://github.com/threatstream/mhn/wiki/Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks</A>]</P> <P>to add own IPs for an important Enterprise Security Projekt.</P> <P>But somehow the mmdb created by</P> <PRE><CODE>python csv2dat.py -w mmcity.dat mmcity GeoLiteCity-and-mynetworks.csv </CODE></PRE> <P>differs from Splunks internal GeoLite2-City.mmdb</P> <PRE><CODE>&gt;&gt;&gt; import pygeoip, json &gt;&gt;&gt; geo = pygeoip.GeoIP('GeoLite2-City.mmdb') &gt;&gt;&gt; print json.dumps(geo.record_by_addr('182.236.164.11'), indent=4, sort_keys=True) Traceback (most recent call last): File "&lt;stdin&gt;", line 1, in &lt;module&gt; File "/root/mmutils/env/lib/python2.7/site-packages/pygeoip/__init__.py", line 544, in record_by_addr raise GeoIPError(message) pygeoip.GeoIPError: Invalid database type, expected City </CODE></PRE> <P>Is there a better method? Did I miss another conversion step?</P> <P>Thanks!</P> Mon, 20 Aug 2018 06:57:02 GMT https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412788#M118957 graether 2018-08-20T06:57:02Z https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412789#M118958 <P>Refer to the following repository for updating MaxMind DB in Splunk:</P> <P><A href="https://www.splunk.com/blog/2014/07/22/updating-the-iplocation-db.html">https://www.splunk.com/blog/2014/07/22/updating-the-iplocation-db.html</A><BR /> <A href="http://www.georgestarcher.com/splunk-updating-the-geoip-database/">http://www.georgestarcher.com/splunk-updating-the-geoip-database/</A></P> Mon, 20 Aug 2018 07:13:36 GMT https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412789#M118958 niketn 2018-08-20T07:13:36Z https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412790#M118959 <P>Thanks, but I need to put my <EM>own IPs</EM> into the database, as explained in Customizing-Maxmind-IP-Geo-DB-for-<EM>Internal-Networks</EM></P> Mon, 20 Aug 2018 07:27:39 GMT https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412790#M118959 graether 2018-08-20T07:27:39Z https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412791#M118960 <P>A quick Google search reveals that the above script creates a <CODE>.dat</CODE> binary file and the file you used is a <CODE>.mmdb</CODE> which is the newer version. Another quick Google search reveals that there are many tools, topics how to convert a <CODE>.dat</CODE> file to a <CODE>.mmdb</CODE> </P> <P>Try this <A href="https://www.google.com/search?q=python+convert+mmdb+to+dat">https://www.google.com/search?q=python+convert+mmdb+to+dat</A></P> <P>cheers, MuS</P> Mon, 20 Aug 2018 08:45:13 GMT https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412791#M118960 MuS 2018-08-20T08:45:13Z https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412792#M118961 <P>Thanks MuS for pointing this out!<BR /> Somehow this </P> <P><A href="https://blog.maxmind.com/2015/09/29/building-your-own-mmdb-database-for-fun-and-profit/">https://blog.maxmind.com/2015/09/29/building-your-own-mmdb-database-for-fun-and-profit/</A></P> <P>looks promising, and I'll give it a try.</P> <P>Cheers</P> Mon, 20 Aug 2018 09:14:30 GMT https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412792#M118961 graether 2018-08-20T09:14:30Z https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412793#M118962 <P>Hi @graether, we're trying to do the same with our internal IP's. Did you get any progress with the .mmdb file?</P> <P>Thanks</P> Fri, 09 Nov 2018 14:25:56 GMT https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412793#M118962 tiago_comasseto 2018-11-09T14:25:56Z https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412794#M118963 <P>Hello Tiago,</P> <P>I did not need to edit the file .mmdb anymore due to a project scope change. I've started with <BR /> <A href="https://blog.maxmind.com/2015/09/29/building-your-own-mmdb-database-for-fun-and-profit/">https://blog.maxmind.com/2015/09/29/building-your-own-mmdb-database-for-fun-and-profit/</A><BR /> but was not so straightforward. So unfortunately no news from my side.</P> Mon, 12 Nov 2018 09:12:25 GMT https://community.splunk.com/t5/Splunk-Search/How-to-add-own-IP-locations-into-the-GeoLite2-City-mmdb/m-p/412794#M118963 graether 2018-11-12T09:12:25Z