diff --git a/conf.d/12-suricata.conf b/conf.d/12-suricata.conf
index a43f77cd5dbeb89032156eea0f8af3325ea1d78d..a191cf084171a127381bcfe810294303635267b6 100644
--- a/conf.d/12-suricata.conf
+++ b/conf.d/12-suricata.conf
@@ -46,12 +46,12 @@ filter {
 geoip {
 add_tag => [ "GeoIP" ]
 source => "[source][ip]"
- database => "/etc/logstash/GeoLite2-City.mmdb"
+ database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
 target => "[source][geo]"
 }
 geoip {
 default_database_type => 'ASN'
- database => "/etc/logstash/GeoLite2-ASN.mmdb"
+ database => "/usr/share/GeoIP/GeoLite2-ASN.mmdb"
 #cache_size => 5000
 source => "[source][ip]"
 target => "[source][as]"
@@ -73,12 +73,12 @@ filter {
 geoip {
 add_tag => [ "GeoIP" ]
 source => "[destination][ip]"
- database => "/etc/logstash/GeoLite2-City.mmdb"
+ database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
 target => "[destination][geo]"
 }
 geoip {
 default_database_type => 'ASN'
- database => "/etc/logstash/GeoLite2-ASN.mmdb"
+ database => "/usr/share/GeoIP/GeoLite2-ASN.mmdb"
 #cache_size => 5000
 source => "[destination][ip]"
 target => "[destination][as]"
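Review bot: The two new `database` paths in the `[source]` hunk, and the same two in the `[destination]` hunk, point outside Logstash's own config directory, and nothing in the file records who is expected to put GeoLite2-City.mmdb and GeoLite2-ASN.mmdb under /usr/share/GeoIP or that the logstash service account must be able to read them. As far as I know the geoip filter refuses to start the pipeline when its database file is missing or unreadable, which here would stop Suricata events from being ingested, so a comment above the first geoip block would help, e.g. `# GeoLite2 databases are read from /usr/share/GeoIP (installed and refreshed outside Logstash); they must be readable by the logstash user`. Because the directory is repeated four times, Logstash's `${VAR:default}` substitution would let it be set once, e.g. `database => "${GEOIP_DIR:/usr/share/GeoIP}/GeoLite2-City.mmdb"` (GEOIP_DIR is a constructed name). The enclosing `filter {` block starts and ends outside both hunks.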