geolookup - Man Page
geo location lookup for IP addresses
Synopsis
| geolookup | [-G geoDBfile] iplist |
Description
geolookup is a tool to lookup AS and geo location information of one or more IP addresses. You need to create the nfdump specific lookup database first, before using geolookup
geolookup is also used to create the nfdump formatted lookup database file from the maxmind csv files. You need to have a maxmind account at https://maxmind.com, in order to download the relevant csv file. See the section below for the building instructions.
geolookup accepts a list of IP addresses either on the command line, separated by spaces or on stdin line by line. The IP address on each line can be embedded in a string separated be spaces on the left and right, therefore it can read the piped output from other tools.
geolookup accepts a list of AS numbers prefixed with as and separated with spaces
The options are as follows:
- -d directory
Use the csv files in directory to build the binary lookup database file. With this argument geolookup creates a new binary lookup database file.
- -w geoDBfile
Name of the new lookup database file.
- -G geoDBfile
Use the binary geoDBfile as lookup database for the current AS and location lookups.
To specify the geo lookup database geolookup searches at the following places:
If the default nfdump(1) configuration file exists, it reads the tag geodb.path
If the environment variable NFGEODB is set, use this setting as lookup database.
The command line argument -G
If multiple locations are given, the environment variable NFGEODB overwrites the nfdump config file and the command line option -G overwrites the environment variable NFGEODB.
Return Values
geolookup returns 0 on success and 255 otherwise.
Environment
geolookup reads the environment variable NFGEODB
Examples
To create a lookup database, you need an account at https://maxmind.com. It works with the paid GeoDB as well as with the free GeoLite2 csv files. The easiest way for creating or updating the binary lookup database is the use of the script updateGeoDB.sh provided with all other nfdump files. Insert your license key and run the script. This creates a new lookup database.
If you want to do it manually follow these steps:
Log into https://maxmind.com and download the corresponding csv files: GeoLite2-ASN-CSV and GeoLite2-City-CSV
Unpack the zip files and put the following csv files into a newly created build directory: GeoLite2-ASN-Blocks-IPv4.csv, GeoLite2-ASN-Blocks-IPv6.csv, GeoLite2-City-Blocks-IPv4.csv, GeoLite2-City-Blocks-IPv6.csv, GeoLite2-City-Locations-en.csv Maxmind offeres several languages for the City-Locations file. Choose only one.
Move the lookup database to the final location.
See Also
nfdump has already builtin lookup options to decorate the text output with geo location and AS information.