The syslog-ng PE application can lookup IP addresses from an offline GeoIP2 database, and make the retrieved data available in name-value pairs. Depending on the database used, you can access country code, longitude, and latitude information and so on.
The syslog-ng PE application works with the Country and the City version of the GeoIP2 database, both free and the commercial editions. The syslog-ng PE application works with the mmdb (GeoIP2) format of these databases. Other formats, like csv are not supported.
To access longitude and latitude information, download the City version of the GeoIP2 database.
There are two types of GeoIP2 databases available.
Unzip the downloaded database (for example, to the /usr/share/GeoIP2/GeoIP2City.mmdb file). This path will be used later in the configuration.