GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
ccfilter(3) SiLK Tool Suite ccfilter(3)

ccfilter - Mapping IPv4 addresses to country codes

  rwfilter [--scc=COUNTRY_CODES] [--dcc=COUNTRY_CODES] ...

  rwcut --fields=scc,dcc ...

  rwgroup --id-fields=scc,dcc ...

  rwsort --fields=scc,dcc ...

  rwstats --fields=scc,dcc ...

  rwuniq --fields=scc,dcc ...

  rwpmaplookup --country-codes ...

The country code mapping file provides a mapping from an IPv4 address to two-letter, lowercase abbreviation of the country where that IP address is located. The mapping file allows the country code value of IP addresses on a SiLK Flow record to be partitioned (rwfilter(1)), displayed (rwcut(1)), sorted (rwsort(1)), grouped (rwgroup(1)), and counted (rwstats(1) and rwuniq(1)).

The rwpmaplookup(1) tool, when invoked with the --country-codes switch, accepts textual input and prints the country code for the IPs, which provide a way to print country codes for the IPs in SiLK IPsets or bags.

The abbreviations used by the country code utility are the two-letter codes defined in ISO 3166 part 1. For additional information, see <https://www.iso.org/iso-3166-country-codes.html> and <https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2>. Some IP addresses map to one of the following special codes:

--
N/A (e.g. private and experimental reserved addresses)
a1
anonymous proxy
a2
satellite provider
o1
other

The SiLK tools look for the country code mapping file in a standard location as detailed in the "FILES" section below. To provide an alternate location, specify that location in the SILK_COUNTRY_CODES environment variable.

Creating the Prefix Map (pmap) file that maps an IP to its country code requires the GeoIP2 Country or free GeoLite2 database created by MaxMind, available from <https://dev.maxmind.com/geoip/>, as described in the "MAPPING FILE" section below.

Country code support makes available two additional keys to the --fields switch in the rwcut(1), rwgroup(1), rwsort(1), rwstats(1), and rwuniq(1) tools:
scc,18
Print, sort, and/or count the flow records by the country code designation of the source IP address
dcc,19
As scc for the destination address

In rwfilter(1), the following switches are supported:

--scc=COUNTRY_CODE_LIST
Pass the record if the country code of its source IP address is in the specified COUNTRY_CODE_LIST.
--dcc=COUNTRY_CODE_LIST
As --scc for the destination IP address.

To map from IP addresses to country codes you will need to create the country_codes.pmap data file and install it in the appropriate location (see the "FILES" section below), or specify the path to the file in the SILK_COUNTRY_CODES environment variable.

The prefix map data file is based on the GeoIP2 Country(R) or free GeoLite2 database created by MaxMind and available from <https://dev.maxmind.com/geoip/>. We do not distribute the database nor the data file, but we provide the rwgeoip2ccmap(1) tool that converts the GeoIP database to the format that ccfilter.so expects.

MaxMind distributes multiple versions of their GeoIP Country database; one is a free evaluation copy. In addition, they sell versions with higher accuracy, and they offer various subscription services.

SILK_COUNTRY_CODES
This environment variable allows the user to specify the country code mapping file that the SiLK tools use. The value may be a complete path or a file relative to SILK_PATH. If the variable is not specified, the code looks for a file named country_codes.pmap as specified in the "FILES" section below.
SILK_PATH
This environment variable gives the root of the install tree. The SiLK applications check the directories $SILK_PATH/share/silk and $SILK_PATH/share for the country code mapping file, country_codes.pmap.

The tools will look for the data file that maps IPs to country codes in the following locations. ($SILK_COUNTRY_CODES is the value of the SILK_COUNTRY_CODES environment variable, if it is set. $SILK_PATH is value of the SILK_PATH environment variable, if it is set. The use of /usr/local/ assumes the application is installed in the /usr/local/bin/ directory.)

  $SILK_COUNTRY_CODES
  $SILK_PATH/share/silk/country_codes.pmap
  $SILK_PATH/share/country_codes.pmap
  /usr/local/share/silk/country_codes.pmap
  /usr/local/share/country_codes.pmap

rwcut(1), rwfilter(1), rwgroup(1), rwsort(1), rwstats(1), rwuniq(1), rwgeoip2ccmap(1), rwpmaplookup(1), silk(7)
2022-04-12 SiLK 3.19.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.