Referring to parts of the message as a macro
You can refer to the separated parts of the message using the key of the value as a macro. For example, if the message contains
KEY1=value1,KEY2=value2, you can refer to the values as
for example, if the default prefix (
.geoip2) is used, you can determine the country code using
To look up all keys:
After installing this package, you will be able to use the
NoteThe name of the package depends on the Linux distribution. The package mentioned in this example is on Ubuntu.
Create a dump using the following command: `mmdblookup –file GeoLite2-City.mmdb –ip
The resulting dump file will contain the keys that you can use.
For a more complete list of keys, you can also check the GeoIP2 City and Country CSV Databases. However, note that the AxoSyslog application works with the
mmdb (GeoIP2) format of these databases. Other formats, like
csv are not supported.