No future updates to GeoIP legacy databases

Jim_Mellander · April 12, 2018, 6:04pm

For those using Bro with libgeoip for IP location data, such as country of origin, Maxmind has announced that March 2018 will be the last update to the free legacy database:

https://dev.maxmind.com/geoip/geoip2/geolite2/
https://blog.hqcodeshop.fi/archives/387-MaxMind-GeoIP-database-legacy-version-discontinued.html

Some options appear to be:

Update Bro to use the new Maxmind library.
In the short term, generate legacy databases from the distributed CSVs for the new format from https://dev.maxmind.com/geoip/geoip2/geolite2/ using code like https://github.com/mteodoro/mmutils or https://github.com/dankamongmen/sprezzos-world/blob/master/packaging/geoip/debian/src/geoip-csv-to-dat.cpp (these would need to be modified to create legacy databases from the new format CSVs)…
Hope someone does #2 above and provides access to those generated databases.
Become a paying customer of Maxmind to continue to access the legacy format databases
Switch to another vendor with free IP location data, such as https://lite.ip2location.com/ - requiring a different library to access
Do nothing, in which case convergence from reality will gradually emerge.

I would be interested in the group’s thoughts about this.

Jim Mellander, ESNet

Isabelle_Grey · April 12, 2018, 6:14pm

We switched to the paid version of Maxmind here a little over a year ago for faster updates of the DB. The price is very reasonable and its an easy drop in replacement. We user it with Splunk and some other scripts as well as Bro so it was an easy decision for us.

greg · April 12, 2018, 6:43pm

Hello,

Last I checked (a few years ago) the Maxmind commercial offering was
pretty expensive, so I am interested to find that may no longer be the
case, if you don't mind how much are you paying Isabelle?

We have been using the db-ip API with other processes for quite a while
now as the free Maxmind GeoIP database is often inaccurate. The db-ip
service is great and the price is super cheap for API use and slightly
more expensive for a DB download which contains necessary data including
LAT and LONG. Been thinking about incorporating db-ip into Splunk and I
guess now Bro - so this news provides motivation to get that done.

https://db-ip.com

Greg

Topic		Replies	Views
Bro and GeoIP support Zeek	2	65	May 6, 2022
Geo Location Plugin Development development	25	111	May 6, 2022
updated versions of Bro 1.1 (stable) and 1.2( devel) now available Zeek	1	54	May 6, 2022
new bro "CURRENT" release - 0.8a57 Zeek	2	53	May 6, 2022
net specification in bro Zeek	2	68	May 6, 2022

No future updates to GeoIP legacy databases

Related Topics