The RSA Web Threat Detection installation includes the GeoIP-1.4.8-1.el6.x86_64.rpm as a dependency. This RPM provides a geoipupdate utility.
1. Modify the config file /etc/GeoIP.conf so that includes a MaxMind UserID and Licence Key and the appropriate ProductIDs.
NOTE: The free GeoIP Legacy City Lite database does not need a license key, just a placeholder as below. If you license the full database from MaxMind include those details instead.
[root@croxfglab ~]# nano /etc/GeoIP.conf
# The following UserId and LicenseKey are required placeholders:
UserId 999999
LicenseKey 000000000000
# Include one or more of the following ProductIds:
# * GeoLite2-City - GeoLite 2 City
# * GeoLite2-Country - GeoLite2 Country
# * GeoLite-Legacy-IPv6-City - GeoLite Legacy IPv6 City
# * GeoLite-Legacy-IPv6-Country - GeoLite Legacy IPv6 Country
# * 506 - GeoLite Legacy Country
# * 517 - GeoLite Legacy ASN
# * 533 - GeoLite Legacy City
ProductIds 533 GeoLite-Legacy-IPv6-City
2. Run the geoipupdate utility specifying the WTD geoip database location.
[root@croxfglab ~]# geoipupdate -v -d /var/opt/silvertail/lib/
Opened License file /etc/GeoIP.conf
Read in license key YOUR_LICENSE
number of product ids 2
Connecting to MaxMind GeoIP server
via Host or Proxy Server: api.maxmind.com:80
sending request GET /app/update_getfilename?product_id=533 HTTP/1.0
Host: updates.maxmind.com
database product id 533 database file name /var/opt/silvertail/lib/GeoLiteCity.dat
MD5 Digest of installed database is b8fe7967ae5ce66f8d4b786fa77d1c52
MD5 sum of database /var/opt/silvertail/lib/GeoLiteCity.dat is b8fe7967ae5ce66f8d4b786fa77d1c52
Connecting to MaxMind GeoIP Update server
sending request GET /app/update_getipaddr HTTP/1.0
Host: updates.maxmind.com
client ip address: 152.62.109.201
md5sum of ip address and license key is 20b48aa5b106ff5b918ad2046d150cef
sending request GET /app/update_secure?db_md5=b8fe7967ae5ce66f8d4b786fa77d1c52&challenge_md5=20b48aa5b106ff5b918ad2046d150cef&user_id=&edition_id=533 HTTP/1.0
Host: updates.maxmind.com
Downloading gzipped GeoIP Database...
/var/opt/silvertail/lib/GeoLiteCity.dat is up to date, no updates required
GeoIP Database up to date
Connecting to MaxMind GeoIP server
via Host or Proxy Server: api.maxmind.com:80
sending request GET /app/update_getfilename?product_id=GeoLite-Legacy-IPv6-City HTTP/1.0
Host: updates.maxmind.com
database product id GeoLite-Legacy-IPv6-City database file name /var/opt/silvertail/lib/GeoLiteCityv6.dat
MD5 Digest of installed database is 5f2460c6dc72de8ed924275b8347f5c7
MD5 sum of database /var/opt/silvertail/lib/GeoLiteCityv6.dat is 5f2460c6dc72de8ed924275b8347f5c7
md5sum of ip address and license key is 20b48aa5b106ff5b918ad2046d150cef
sending request GET /app/update_secure?db_md5=5f2460c6dc72de8ed924275b8347f5c7&challenge_md5=20b48aa5b106ff5b918ad2046d150cef&user_id=&edition_id=GeoLite-Legacy-IPv6-City HTTP/1.0
Host: updates.maxmind.com
Downloading gzipped GeoIP Database...
Done
Updating /var/opt/silvertail/lib/GeoLiteCityv6.dat
Saving gzip file to /var/opt/silvertail/lib/GeoLiteCityv6.dat.gz ... download data to a gz file named /var/opt/silvertail/lib/GeoLiteCityv6.dat.gz
Done
Uncompressing gzip file ... Done
Performing santity checks ... Database type is 30
database_info PASS lookup PASS
Done
Updated database
3. Automate the geoipupdate utility using cron to run. (e.g. weekly)
[root@croxfglab ~]# crontab -e
36 19 * * 6 /usr/local/bin/geoipupdate -d /var/opt/silvertail/lib/
| 
on Oct 17, 2016