Hi,
My manager wants geolocation info in the http.log.
I have looked at several scripts and only see geolocation info in conn.log and ssh.log etc.
Is it a sound idea to have geolocation info in the http.log?
Thank you.
It’s hard to answer if it’s a good idea. It really depends on the desired goal of your manager.
From a security perspective, I’d rather have that data on the conn log. You can correlate the conn to the http traffic or any other protocol, but not reduce the visibility by pinning it to a single protocol.
I would need to know more about the goals and you are always free to reach out to me directly if you’d prefer.
Hope this helps.
-PK