Decoder: Geo IP Parser

Document created by RSA Information Design and Development on Jun 25, 2017Last modified by RSA Information Design and Development on Sep 25, 2017
Version 2Show Document
  • View in full screen mode
  

This topic introduces the Geo IP parser for Decoders.

One of the files available for editing in the Services Config view > Files tab is GeoPrivate.ipl, the Geo IP parser.

GeoPrivate.ipl

The Geo IP parser is a fixed parser that takes IP addresses and converts them to geographical locations. The locations are displayed through the Google Earth display.

The geolocation metadata in GeoPrivate.ipl, are added for both ip.src and ip.dst. The parser uses two external data files, GeoCity.dat and GeoCountry.dat, which are both stored in the application directory. There are up to eight metadata for each IP address as listed in the table below.

                                         
MetadataDescription
city.dstDestination City
city.srcSource City
country.dstDestination Country
country.srcSource Country
latdec.dstDestination Decimal Latitude
latdec.srcSource Decimal Latitude
longdec.dstDestination Decimal Longitude
longdec.srcSource Decimal Longitude
Previous Topic:String Functions
Next Topic:Lua Parsers
You are here
Table of Contents > References > Services Config View - Files Tab > Geo IP Parser

Attachments

    Outcomes