https://github.com/cercide/mmdb

Create a MaxMind Databases for your own needs.
https://github.com/cercide/mmdb

geoip geoip2 ip-database logstash logstash-filter maxmind mmdb

Last synced: 4 months ago
JSON representation

Create a MaxMind Databases for your own needs.

• Host: GitHub
• URL: https://github.com/cercide/mmdb
• Owner: cercide
• License: mit
• Created: 2023-03-04T23:09:05.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2023-03-08T09:29:11.000Z (over 3 years ago)
• Last Synced: 2025-12-15T06:15:51.244Z (6 months ago)
• Topics: geoip, geoip2, ip-database, logstash, logstash-filter, maxmind, mmdb
• Language: Python
• Homepage:
• Size: 911 KB
• Stars: 1
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          


    
MMDB




    Create a MaxMind Databases for your own needs.





    

    

    

    

    





    pip install mmdb[cli]



## Features

  + Query any maxmind database: `mmdb get  -d `

  + Download and build [DBIP](https://db-ip.com/db/lite.php) database [ASN Lite](https://db-ip.com/db/download/ip-to-asn-lite), [Country Lite](https://db-ip.com/db/download/ip-to-country-lite), and [City Lite](https://db-ip.com/db/download/ip-to-city-lite): `mmdb dbip-build`

  + Create an IP database from a CSV file: `mmdb build `

  + Logstash [GeoIP Filter Plugin](https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html) compatibility: `mmdb build  --lsc`

  + Additional country data such as **is_eu**, **is_nato**, or **is_g7**: `mmdb build  -f country`

## Examples

 ![Example Localnet](.github/rsc/example_localnet.gif)

 ![Example Country](.github/rsc/example_country.gif)

## Logstash Compatibility

Logstash ships with the [GeoIP Filter Plugin](https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html)

which enriches a document with IP GeoData. However, the plugin supports specific MaxMind database types only.

As a result, any other database type disables the plugin.

Regarding this, the plag `--lsc` enables logstash support. Long story short:

You get a MaxMind ASN Database, but the IP info as an embedded json string within the

`asn_organization_name` field. The logstash pipeline must load that json data and adds it to

the document, exemplified below

```

filter {

  geoip {

    source => "ip"

    database => "/path/to/my/database.mmdb"

    ecs_compatibility => disabled

    target => "wrapped_ip_data"

  }

  json {

    source => "[wrapped_ip_data][organization_name]"

    target => "myip"

  }

  mutate {

    remove_field => ["wrapped_ip_data"]

  }

}

```