$geo (parse-spec) function
This function is similar to the ipaddr-parse-spec-function, except that it returns the two-letter country code for the IPv4 portion of the word given by parse-spec. If the parse-spec value does not return an IP address, the match specification is not matched. This function is especially useful in a nested specification. For more information, see Nested-parse-expressions.
The following examples show target strings, parse expressions, and return values:
Target String | Parse Expression | Return Value |
|---|---|---|
src: 192.168.1.1 dest: 10.1.1.2
| $geo ($2) | ZZ Explanation: The ZZ country code indicates that 192.168.1.1 is a local address. |
address target: 1.2.1.1:88 logged | $geo ($extip()) | CN Explanation: The 1.2.1.1 address is located in China. The $extip() function returns the IP address from the message. |
dropped=66.2.3.45
| $geo (dropped=*) | US Explanation: The 66.2.3.45 address is located in the USA. |
Test 123 | $geo ($2) | No match Explanation: The second word of the target string is not an IP address. |
Test 192.1.1.1 value | $geo (xxx: *) | No match Explanation: There is no match for xxx: * in the target string. |
Related topic