FAQ: GeoIP database in Sawmill is not as accurate as the one on the Maxmind site

Some of the IP addresses in my data are not resolved properly to country/region/city by Sawmill. I know that Sawmill uses the MaxMind GeoIP database, and when I go to the MaxMind site, their demo resolves these IPs properly. Why isn't Sawmill doing the same as the online GeoIP demo?

Short Answer

Sawmill uses the GeoLite City database, a less accurate (and less expensive) version of the GeoIP City database. To get full accuracy, buy GeoIP City from MaxMind.

Long Answer

MaxMind provides two tiers for their City database: GeoIP City and GeoLite City. They do not provide GeoIP City for bundling with products like Sawmill, so Sawmill includes the GeoLite City database. GeoLite City is less accurate than GeoIP City, so the results you get from Sawmill using its default GeoLite City database will be less accurate than using GeoIP City. Since the web demo of GeoIP on the MaxMind site uses GeoIP City, there will be some cases where Sawmill cannot place an IP, but the web demo can.

The solution is to upgrade to the full GeoIP City database, which you can do directly through MaxMind. That database is a drop-in replacement for GeoLite City, so once you have purchased it, you can drop it in on top of the GeoIP-532.dat file in the LogAnalysisInfo directory in your Sawmill installation, and rebuild your databases, and you will get a more accurate geographical location.