the geoip-conn provides geolocation information for the IP addresses in the conn.log file. this packaage depends on "GeoLite2-City.mmdb" database created by MaxMind. the location information matches only IP address from the internal database
root@dco:~$ zkg install https://github.com/brimdata/geoip-conn.git
root@dco:~$ zeek -Cr case1.pcap geoip-conn
root@dco:~$ cat conn.log | zeek-cut uid id.orig_h id.resp_h geo.orig.country_code geo.orig.region geo.orig.city geo.orig.latitude geo.orig.longitude geo.resp.country_code geo.resp.region geo.resp.city
Cbk46G2zXi2i73FOU6 10.6.27.102 23.63.254.163 - - - - - US CA Los Angeles
