Manual Reference Pages - CCFILTER (3)
ccfilter - Mapping IPv4 addresses to country codes
rwfilter [--scc=COUNTRY_CODES] [--dcc=COUNTRY_CODES] ...
rwcut --fields=scc,dcc ...
rwgroup --id-fields=scc,dcc ...
rwsort --fields=scc,dcc ...
rwstats --fields=scc,dcc ...
rwuniq --fields=scc,dcc ...
rwpmaplookup --country-codes ...
The country code mapping file provides a mapping from an IPv4
address to two-letter, lowercase abbreviation of the country where
that IP address is located. The mapping file allows the country code
value of IP addresses on a SiLK Flow record to be partitioned
(rwfilter(1)), displayed (rwcut(1)), sorted (rwsort(1)),
grouped (rwgroup(1)), and counted (rwstats(1) and rwuniq(1)).
The rwpmaplookup(1) tool, when invoked with the --country-codes
switch, accepts textual input and prints the country code for the IPs,
which provide a way to print country codes for the IPs in SiLK IPsets
The abbreviations used by the country code utility are those used by
the Root-Zone Whois Index (see for example
<http://www.iana.org/cctld/cctld-whois.htm>) or one of the following
The SiLK tools look for the country code mapping file in a standard
location as detailed in the FILES section below. To provide an
alternate location, specify that location in the SILK_COUNTRY_CODES
N/A (e.g. private and experimental reserved addresses)
Creating the Prefix Map (pmap) file that maps an IP to its country
code requires the GeoIP Country(R) or free GeoLite database created by
MaxMind, available from <http://www.maxmind.com>, as described in the
MAPPING FILE section below.
Country code support makes available two additional keys to the
--fields switch in the rwcut(1), rwgroup(1), rwsort(1),
rwstats(1), and rwuniq(1) tools:
In rwfilter(1), the following switches are supported:
Print, sort, and/or count the flow records by the country code
designation of the source IP address
As scc for the destination address
Pass the record if the country code of its source IP address is in the
As --scc for the destination IP address.
To map from IP addresses to country codes you will need to create the
country_codes.pmap data file and install it in the appropriate
location (see the FILES section below), or specify the path to the
file in the SILK_COUNTRY_CODES environment variable.
The prefix map data file is based on the GeoIP Country(R) or free
GeoLite database created by MaxMind and available from
<http://www.maxmind.com/>. We do not distribute the database nor the
data file, but we provide Perl scripts that will convert the GeoIP
database to the format that ccfilter.so expects.
MaxMind distributes multiple versions of their GeoIP Country database;
one is a free evaluation copy that is 97% accurate. In addition,
they sell versions with higher accuracy, and they offer various
The rwgeoip2ccmap(1) program converts the MaxMind GeoIP file to the
form that the SiLK tools require.
This environment variable allows the user to specify the country code
mapping file that the SiLK tools use. The value may be a complete
path or a file relative to SILK_PATH. If the variable is not
specified, the code looks for a file named country_codes.pmap as
specified in the FILES section below.
This environment variable gives the root of the install tree. The
SiLK applications check the directories $SILK_PATH/share/silk and
$SILK_PATH/share for the country code mapping file,
The tools will look for the data file that maps IPs to country codes
in the following locations. ($SILK_COUNTRY_CODES is the value
of the SILK_COUNTRY_CODES environment variable, if it is set.
$SILK_PATH is value of the SILK_PATH environment variable, if it is
set. The use of /usr/local/ assumes the application is installed in
the /usr/local/bin/ directory.)
rwcut(1), rwfilter(1), rwgroup(1), rwsort(1),
rwstats(1), rwuniq(1), rwgeoip2ccmap(1), rwpmaplookup(1),
|SiLK 188.8.131.52 ||CCFILTER (3) ||2016-04-05 |
Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.