rwgeoip2ccmap(1) SiLK Tool Suite rwgeoip2ccmap(1)NAMErwgeoip2ccmap - Create a country code prefix map from a GeoIP data file
SYNOPSIS
unzip -p GeoIPCountryCSV.zip | \
rwgeoip2ccmap--csv-input > country_codes.pmap
gzip -d -c GeoIPv6.csv.gz | \
rwgeoip2ccmap--v6-csv-input > country_codes.pmap
(gzip -d -c GeoIPv6.csv.gz ; unzip -p GeoIPCountryCSV.zip ) | \
rwgeoip2ccmap--v6-csv-input > country_codes.pmap
rwgeoip2ccmap--help
rwgeoip2ccmap--man
rwgeoip2ccmap--version
DESCRIPTION
Prefix maps provide a way to map field values to string labels based on
a user-defined map file. The country code prefix map, typically named
country_codes.pmap, is a special prefix map that maps an IP address to
a two-letter country code. It uses the country codes defined by the
Internet Assigned Numbers Authority
(<http://www.iana.org/root-whois/index.html>).
The country code prefix map file is used by ccfilter(3) to map IP
addresses to country codes in various SiLK tools. The ccfilter feature
allows you to
· partition by country codes in rwfilter(1)
· display the country codes in rwcut(1)
· sort by the country codes in rwsort(1)
· bin by the country codes in rwstats(1), rwuniq(1), and rwgroup(1).
The rwpmaplookup(1) command can use the country code mapping file to
display the country code for textual IP addresses.
The country code prefix map is based on the GeoIP Country(R) or free
GeoLite database created by MaxMind(R) and available from
<http://www.maxmind.com/>. (Note: You must use the MaxMind legacy
database format. rwgeoip2ccmap does not support the GeoIP2 and
GeoLite2 databases.) The GeoLite database is a free evaluation copy
that is "98% accurate" which is updated monthly. MaxMind sells the
GeoIP Country database which has over "99% accuracy" and is updated
weekly.
The database is available in multiple formats:
GeoIPCountryCSV.zip
a compressed (zip(1)) textual file containing an IPv4 range,
country name, and county code in a comma separated value (CSV)
format. If you download this format, specify --csv-input on the
rwgeoip2ccmap command line. This is the recommended format for
IPv4 support.
GeoIP.dat.gz
a compressed (gzip(1)) binary file containing an encoded form of
the IPv4 address range and country code. If you download this
format, specify --encoded-input on the rwgeoip2ccmap command line.
This format is not recommended, as rwgeoip2ccmap may not know about
all the country codes that the binary file contains.
GeoIPv6.csv.gz
a compressed (gzip) textual file containing an IPv6 range, country
name, and county code in a CSV format. If you download this
format, specify --v6-csv-input on the rwgeoip2ccmap command line.
This file only contains IPv6 data. If you use this file to create
your country code prefix map, any IPv4 addresses will have the
unknown value "--".
GeoIPv6.dat.gz
a compressed (gzip) binary file containing an encoded form of the
IPv6 address range and country code. rwgeoip2ccmap does not
support this input file.
OPTIONS
Option names may be abbreviated if the abbreviation is unique or is an
exact match for an option. A parameter to an option may be specified
as --arg=param or --arg param, though the first form is required for
options that take optional parameters.
One of the following switches is required:
--csv-input
Treat the standard input as a textual stream containing the CSV
(comma separated value) GeoIP Legacy country code data for IPv4.
--encoded-input
Treat the standard input as a binary stream containing the encoded
GeoIP Legacy country code data for IPv4.
--v6-csv-input
Treat the standard input as a textual stream containing the CSV
GeoIP Legacy country code data for IPv6.
The following switches display information about rwgeoip2ccmap:
--help
Print the available options and exit.
--version
Print the version number and exit the application.
--man
Print the formatted manual page to the $PAGER or to the standard
output, and exit.
EXAMPLES
The following examples show how to create the country code prefix map
file, country_codes.pmap, from various forms of input. Once you have
created the country_codes.pmap file, you should copy it to
/usr/local/share/silk/country_codes.pmap so that the ccfilter(3) plug-
in can find it. Alternatively, you can set the SILK_COUNTRY_CODES
environment variable to the location of the country_codes.pmap file.
In these examples, the dollar sign ($) represents the shell prompt.
Some input lines are split over multiple lines in order to improve
readability, and a backslash (\) is used to indicate such lines.
IPv4 Comma Separated Values File
Download CSV version of the MaxMind GeoIP Legacy Country database for
IPv4, GeoIPCountryCSV.zip. (Use the Legacy form of the GeoIP or
GeoLite database since the GeoIP2 and GeoLite2 databases are not
supported. Running unzip -l on the zip file should show a single file,
GeoIPCountryWhois.csv.) To expand this file, use the unzip(1) utility;
by using the -p option to unzip, you can pass the output of unzip
directly to rwgeoip2ccmap:
$ unzip -p GeoIPCountryCSV.zip | \
rwgeoip2ccmap--csv-input > country_codes.pmap
IPv4 Binary Encoded File
Obtain the binary version of the MaxMind GeoIP Legacy Country database
for IPv4, GeoIP.dat.gz. Use the -d switch of the gzip(1) tool to
uncompress the file, and the -c switch causes gzip to write the result
to the standard output. To create the country_codes.pmap data file,
run:
$ gzip -d -c GeoIP.dat.gz | \
rwgeoip2ccmap--encoded-input > country_codes.pmap
IPv6 Comma Separated Values File
If you download the IPv6 version of the MaxMind GeoIP Legacy Country
database, use the following command to create the country_codes.pmap
file:
$ gzip -d -c GeoIPv6.csv.gz | \
rwgeoip2ccmap--v6-csv-input > country_codes.pmap
Since the GeoIPv6.csv.gz file only contains IPv6 addresses, the
resulting country_codes.pmap file will display the unknown value ("--")
for any IPv4 address. See the next example for a solution.
IPv6 and IPv4 Comma Separated Values Files
To create a country_codes.pmap mapping file that supports both IPv4 and
IPv6 addresses, first download both of the Legacy CSV files
(GeoIPv6.csv.gz and GeoIPCountryCSV.zip) from MaxMind.
You need to uncompress both files and feed the result as a single
stream to the standard input of rwgeoip2ccmap. This can be done in a
few commands:
$ gzip -d GeoIPv6.csv.gz
$ unzip GeoIPCountryCSV.zip
$ cat GeoIPv6.csv GeoIPCountryWhois.csv | \
rwgeoip2ccmap--v6-csv-input > country_codes.pmap
Alternatively, if your shell supports it, you may be able to use a
subshell to avoid having to store the uncompressed data:
$ ( gzip -d -c GeoIPv6.csv.gz ; unzip -p GeoIPCountryCSV.zip ) | \
rwgeoip2ccmap--v6-csv-input > country_codes.pmap
SEE ALSOccfilter(3), rwpmaplookup(1), rwfilter(1), rwcut(1), rwsort(1),
rwstats(1), rwuniq(1), rwgroup(1), rwpmapbuild(1), silk(7), gzip(1),
zip(1), unzip(1)SiLK 3.11.0.1 2016-02-19 rwgeoip2ccmap(1)