Description
Adds GeoIP2 enrichment support to syslog-ng, allowing log pipelines to attach geographic metadata to IP addresses when a suitable database is configured. It is useful for security monitoring, traffic analysis, and reporting.
Geolocation is approximate and can be wrong. Treat it as context, protect the source logs, and make sure GeoIP databases are licensed and updated appropriately.