Update Geolocation Database used in Security Monitoring Dashboards
Overview
You can use F5 NGINX Security Monitoring to monitor NGINX App Protect WAF instances. The Security Monitoring analytics dashboard uses MaxMind’s GeoLite2 Free Database to provide extra Geolocation data for Security Violations.
By completing the steps in this topic, you will update the Security Monitoring module with the latest Geolocation database so that the dashboards can provide accurate data.
Before You Begin
Complete the following prerequisites before proceeding with this guide:
- NGINX Security Monitoring is installed and running.
- NGINX App Protect is configured, and the Security Monitoring dashboard is gathering security violations.
How to update Geolocation Database
- Create a MaxMind account and subscribe to get the latest updates to the Geolocation database.
- Download the GeoLite2 Country (Edition ID: GeoLite2-Country) database in GeoIP2 Binary .mmdb format from the MaxMind website. The database is delivered in a downloaded gzip file.
- Unzip the downloaded gzip file, which contains the binary data of the GeoLite2 Country database with the filename GeoLite2-Country.mmdb.
- Replace the GeoLite2-Country.mmdb present on your NGINX Instance Manager’s Control Plane at /usr/share/nms/geolite2/GeoLite2-Country.mmdb with the newly downloaded GeoLite2 Country database. Example:

    sudo scp /path/to/GeoLite2-Country.mmdb {user}@{host}:/usr/share/nms/geolite2/GeoLite2-Country.mmdb

- Restart the NGINX Instance Manager services:

    sudo systemctl restart nms-ingestion
    sudo systemctl restart nms-core
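The replace step above can be done with an integrity check, a backup and an atomic swap. The following is an added example, not part of the original guide or of NGINX's tooling; the function names, the `.bak` suffix and the expected checksum (a SHA-256 you obtained from a source you trust for the exact file being installed) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verified, reversible replacement of GeoLite2-Country.mmdb.
# Function names and the ".bak" backup suffix are this example's own choices.

# is_mmdb FILE: true if FILE is non-empty and contains the MMDB metadata
# marker (bytes AB CD EF followed by "MaxMind.com"). Rejects files such as
# a saved error page or a truncated download.
is_mmdb() {
    [ -s "$1" ] &&
        LC_ALL=C grep -a -q "$(printf '\253\315\357MaxMind.com')" "$1"
}

# sha256_matches FILE EXPECTED_HEX: true if the file's SHA-256 equals EXPECTED_HEX.
sha256_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# install_geodb NEW_FILE EXPECTED_SHA256 DEST
# Returns 0 on success; on any failure returns non-zero and leaves DEST untouched.
install_geodb() {
    new=$1 expected=$2 dest=$3
    sha256_matches "$new" "$expected" || { echo "checksum mismatch: $new" >&2; return 1; }
    is_mmdb "$new" || { echo "not an MMDB file: $new" >&2; return 2; }
    tmp="$dest.new.$$"
    cp "$new" "$tmp" || return 3
    if [ -e "$dest" ]; then
        # Keep the old file's mode and owner so the nms services can still
        # read it, and keep a copy of the old database for rollback.
        chmod "$(stat -c '%a' "$dest")" "$tmp" &&
            chown "$(stat -c '%u:%g' "$dest")" "$tmp" &&
            cp -p "$dest" "$dest.bak" || { rm -f "$tmp"; return 3; }
    fi
    # Rename within one directory, so readers never see a partial file.
    mv -f "$tmp" "$dest"
}

# Usage on the control plane host (run with privileges to write the target),
# followed by the service restarts from the last step of the guide:
#   install_geodb ./GeoLite2-Country.mmdb "<expected-sha256>" \
#       /usr/share/nms/geolite2/GeoLite2-Country.mmdb
#   systemctl restart nms-ingestion
#   systemctl restart nms-core
```

If the dashboards misbehave after the restart, copy the `.bak` file back over the database and restart the two services again.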