GeoLite2 database update script

Recently, I’ve been using Graylog for log management on my home network. Graylog is enterprise log management that is 100% open source. It collects logs from almost any device and allows you to visualize and search through the data.

Graylog offers the option to set up geolocation for IP addresses, which is really helpful. To map an IP to a physical location, Graylog needs an external database of IPs and locations. Currently, Graylog only supports MaxMind City databases in the MaxMind DB format. In this case, that’s either the GeoIP2 City database (paid) or the GeoLite2 City database (free, but not as accurate).

The catch is, this database updates once a month, and with that update, the directory name inside the .tar.gz archive changes (e.g., May 2018 will be GeoLite2-City_20180501). Because of this, you’ll need a script to download the database, then extract it and rename the directory to the path you’ve given to Graylog.

The script is over at GitHub, but also pasted below (check GitHub first).

#!/bin/bash

DIR=/etc/graylog/server
# Stop if the directory is missing, so nothing below runs in the wrong place
cd "$DIR" || exit 1

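# Download files (-O overwrites leftovers from a failed run instead of saving *.1 copies)
wget -O GeoLite2-City.tar.gz http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
wget -O GeoLite2-City.tar.gz.md5 http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz.md5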

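# Calculate MD5SUM of database, trim the stuff we want, and output to a file
# (the .md5 file arrives over the same plain-HTTP connection, so this check
# catches a corrupted download, not a tampered one)
md5sum < GeoLite2-City.tar.gz | awk '{printf "%s", $1}' > GeoLite2-md5sum.txt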

# If calculated hash matches the downloaded hash, unzip and rename the directory
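if cmp GeoLite2-md5sum.txt GeoLite2-City.tar.gz.md5; then
  tar -xzf GeoLite2-City.tar.gz || exit 1
  # Remove last month's copy first; otherwise mv puts the new directory inside the old one
  rm -rf "${DIR}/GeoLite2-City"
  find "${DIR}" -maxdepth 1 -name "GeoLite2-City_*" -type d -exec mv {} "${DIR}/GeoLite2-City" \;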
  # Our final path will be /etc/graylog/server/GeoLite2-City/GeoLite2-City.mmdb
else
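  # You could put something here to alert you via email
  # Remove the failed download and exit non-zero so cron or a wrapper sees the failure
  find "${DIR}" -maxdepth 1 -name "GeoLite2*" -type f -exec rm -f {} \;
  exit 1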
fi

# Cleanup files
find ${DIR} -maxdepth 1 -name "GeoLite2*" -type f -exec rm -f {} \;

exit
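
A staged variant of the verify-and-install step, as an added example that is not part of the original script: it takes an already downloaded tarball and .md5 file, checks the archive's member paths, extracts into a scratch directory, and swaps only the .mmdb file into place so a failed update leaves last month's database untouched. The function name install_geolite, the staging directory name and the .new suffix are assumptions.

```shell
#!/bin/bash
# Added example, not the original script. install_geolite, the staging
# directory name and the ".new" suffix are assumed names.
#
# install_geolite DEST_DIR TARBALL MD5_FILE
# Returns 0 with DEST_DIR/GeoLite2-City/GeoLite2-City.mmdb replaced, or
# non-zero with the existing database left untouched.
install_geolite() {
  local dest="$1" tarball="$2" md5file="$3" want got stage src rc

  # Compare bare hex digests so a trailing newline in the .md5 file is harmless.
  want=$(tr -d '[:space:]' < "$md5file") || return 1
  got=$(md5sum < "$tarball" | awk '{print $1}')
  if [ -z "$want" ] || [ "$want" != "$got" ]; then
    echo "checksum mismatch" >&2; return 1
  fi

  # Refuse archives with absolute member names or ".." path components.
  if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe path in archive" >&2; return 1
  fi

  # Extract into a private staging directory on the same filesystem, without
  # restoring the archive's file ownership (relevant when run as root).
  stage=$(mktemp -d "$dest/.geolite-stage.XXXXXX") || return 1
  if ! tar -xzf "$tarball" -C "$stage" --no-same-owner; then
    rm -rf "$stage"; return 1
  fi

  # Whatever the dated directory is called this month, it must hold the .mmdb.
  src=$(find "$stage" -mindepth 2 -maxdepth 2 -type f -name GeoLite2-City.mmdb | head -n 1)
  if [ -z "$src" ]; then
    echo "no GeoLite2-City.mmdb in archive" >&2; rm -rf "$stage"; return 1
  fi

  # Swap the file in with a rename, so readers see the old or the new
  # database and never a partially written one.
  mkdir -p "$dest/GeoLite2-City" &&
    mv -f "$src" "$dest/GeoLite2-City/GeoLite2-City.mmdb.new" &&
    mv -f "$dest/GeoLite2-City/GeoLite2-City.mmdb.new" "$dest/GeoLite2-City/GeoLite2-City.mmdb"
  rc=$?
  rm -rf "$stage"
  return "$rc"
}
```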

 

Hope it helps someone!

-Logan
