Feature #12909
Status: open
Convert Suricata GeoIP Lookup feature on ALERTS tab to use local GeoIP2 database
0%
Description
Convert the GeoIP lookup feature available on the ALERTS tab in the Suricata package to use the local GeoIP2 database (when available) instead of the limited-use free web site currently used. The PHP code links to an external web site for the GeoIP lookup, but that site has a quota on the number of free API calls from the same source IP. Some users are hitting the quota and the GeoIP lookup is thus denied.
Suricata already has an option to use the locally-installed Maxmind GeoIP2 database infrastructure. It must be enabled by the user, and the user must supply a valid license key, to activate the feature. So switch the Suricata package GUI code to use the Maxmind GeoIP2 subsystem (when enabled) instead of the free public web site.
Note that this may also be the time to consider consolidating the Maxmind GeoIP2 database system into an optional pfSense system-level component that both Suricata and pfBlockerNG-devel could use jointly. Currently I believe each package installs its own instance of the Maxmind database, so there is needless redundancy there. There may be other pfSense packages or system features that could benefit from having a common GeoIP2 database infrastructure present.