Building Geo Map using Queries

Building Geo Map using Queries

blason16
Hi There,

I have a DNS RPZ server running and have configured Logstash on the same to parse the DNS RPZ logs.

My requirement is that I need to build a Geo Map based on the DNS responses. Any idea how that can be achieved? Or I need to know which country the requests are made from; any other ideas the community can suggest?

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Re: Building Geo Map using Queries

Ed Daniel
On 09/06/18 15:33, Blason R wrote:

> Hi There,
>
> I have a DNS RPZ server running and have configured Logstash on the same
> to parse the DNS RPZ logs.
>
> My requirement is that I need to build a Geo Map based on the DNS responses.
> Any idea how that can be achieved? Or I need to know which country the
> requests are made from; any other ideas the community can suggest?

http://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html

HTH,
Ed.

Re: Building Geo Map using Queries

Bind-Users forum mailing list
In reply to this post by blason16
Hi Blason,

You can use MaxMind GeoIP DB and enrich logs with data you need.

Vadim

> On 09 Jun 2018, at 17:33, Blason R <[hidden email]> wrote:
>
> Hi There,
>
> I have a DNS RPZ server running and have configured Logstash on the same to parse the DNS RPZ logs.
>
> My requirement is that I need to build a Geo Map based on the DNS responses. Any idea how that can be achieved? Or I need to know which country the requests are made from; any other ideas the community can suggest?

Re: Building Geo Map using Queries

blason16
Thanks!

Any particular use case or configuration you would like to suggest?


> On Sun, Jun 10, 2018 at 10:25 AM Vadim Pavlov <[hidden email]> wrote:
> Hi Blason,
>
> You can use MaxMind GeoIP DB and enrich logs with data you need.
>
> Vadim

Re: Building Geo Map using Queries

Bind-Users forum mailing list
Nope. YMMV depending on your requirements.

I did it a while ago, but I've just parsed the query logs with my script and stored logs in MySQL + used Google Maps to show it (http://dnsstat.ipvm.biz/ and a funny video: https://youtu.be/mI1p0VjalT).
I needed more details so I've used "whois" + RIPE DB.

AFAIK Splunk (even with free tier) provides such ability. You may use some other providers like DomainTools as well. 

Vadim
> On 10 Jun 2018, at 08:15, Blason R <[hidden email]> wrote:
>
> Thanks!
>
> Any particular use case or configuration you would like to suggest?
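
Added example (not code from any poster in this thread): a Python version of the enrichment suggested above, parsing BIND RPZ rewrite log lines, mapping each client IP to a country, and counting hits per country as input for a map. The log line shape, the `GEO_TABLE` stand-in for a MaxMind database, the country codes, and all sample addresses are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumed shape of a BIND "rpz" category log line (varies by version: the
# "@0x..." client id and "/TYPE/CLASS" suffix appear only in newer releases).
RPZ_LINE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<qname>[^)]+)\): "
    r"rpz (?P<trigger>\S+) (?P<action>\S+) rewrite \S+ via (?P<via>\S+)")

# Constructed stand-in for a MaxMind country database, keyed on RFC 5737
# documentation ranges; the country codes are made up for the example.
GEO_TABLE = {ipaddress.ip_network("198.51.100.0/24"): "DE",
             ipaddress.ip_network("203.0.113.0/24"): "IN"}
# Internal resolver clients have no meaningful geolocation; bucket them.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def lookup_country(ip):
    """Return the country code for ip, or None if the table has no entry."""
    return next((cc for net, cc in GEO_TABLE.items() if ip in net), None)

def parse_rpz_line(line):
    """Parse one log line into an enriched event dict, or None if not RPZ."""
    m = RPZ_LINE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # regex matched something that is not a valid address
        return None
    if any(ip in net for net in INTERNAL_NETS):
        country = "internal"
    else:
        country = lookup_country(ip) or "unknown"
    return {"client_ip": str(ip), "qname": m.group("qname"),
            "action": m.group("action"), "country": country}

def hits_per_country(lines):
    """Count RPZ rewrites per client country: the data behind a geo map."""
    return Counter(e["country"] for e in map(parse_rpz_line, lines) if e)

SAMPLE_LOG = [  # constructed log lines, not taken from the thread
    "09-Jun-2018 15:33:01.101 rpz: info: client 198.51.100.23#53422 (bad.example.net): rpz QNAME NXDOMAIN rewrite bad.example.net via bad.example.net.rpz.example",
    "09-Jun-2018 15:33:02.412 rpz: info: client @0x7f3a1c0 203.0.113.9#40110 (c2.example.org): rpz QNAME NXDOMAIN rewrite c2.example.org/A/IN via c2.example.org.rpz.example",
    "09-Jun-2018 15:33:04.550 rpz: info: client 10.1.2.3#33333 (bad.example.net): rpz QNAME NXDOMAIN rewrite bad.example.net via bad.example.net.rpz.example",
    "09-Jun-2018 15:33:05.000 general: info: zone rpz.example/IN: loaded serial 42",
]
print(hits_per_country(SAMPLE_LOG))
```

With a real MaxMind database, `lookup_country` would wrap a `geoip2.database.Reader` lookup instead of the constructed table.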