Update Geolocation Database used in Security Monitoring Dashboards

Overview

You can use F5 NGINX Security Monitoring to monitor NGINX App Protect WAF instances. The Security Monitoring analytics dashboard uses MaxMind’s GeoLite2 Free Database to provide extra Geolocation data for Security Violations.

By completing the steps in this topic, you will be able to update the Security Monitoring module to get the latest Geolocation database such that the dashboards can provide accurate data.

Before You Begin

Complete the following prerequisites before proceeding with this guide:

  • NGINX Security Monitoring is installed and running.
  • NGINX App Protect is configured, and the Security Monitoring dashboard is gathering security violations

How to update Geolocation Database

  1. Create a MaxMind account and subscribe to get the latest updates to the Geolocation database.

  2. Download the GeoLite2 Country (Edition ID: GeoLite2-Country) database in a GeoIP2 Binary .mmdb format from the MaxMind website. The database will be present in a gzip downloaded file.

  3. Unzip the downloaded gzip file, which contains the binary data of the GeoLite2 Country database with a filename GeoLite2-Country.mmdb

  4. Replace the GeoLite2-Country.mmdb present on your NGINX Instance Manager’s Control Plane at /usr/share/nms/geolite2/GeoLite2-Country.mmdb with the newly downloaded GeoLite2 Country database.

    Example:

    sudo scp /path/to/GeoLite2-Country.mmdb {user}@{host}:/usr/share/nms/geolite2/GeoLite2-Country.mmdb
    
  5. Restart the NGINX Instance Manager services

    sudo systemctl restart nms-ingestion
    sudo systemctl restart nms-core
    


Last modified November 14, 2024