The easiest way would be to create 2 rules. I'm not sure why the cidr isn't working in cdb lists. It's supposed to, but I'm testing it now and either it's broken or I'm doing something wrong.
On Wed, Aug 31, 2011 at 2:51 AM, Blauch Armand <[email protected]> wrote: > Hello, > > I try to avoid alerte from a subnet and from a specific IP. > If I use <scrip>X.X.X.X/24</scrip> or <scrip>Y.Y.Y.Y</scrip> I have no > issue. > But when I try to use <scrip>X.X.X.X/24|Y.Y.Y.Y/32</scrip> or > <scrip>X.X.X.X/24|Y.Y.Y.Y</scrip> , it doesn't work (OSSEC doesn't > restart). > I have to use a list, and in this list it's doesn't work if I add a > subnet range. It's work only if I add each adress of the subnet like > this: > X.X.X.1:X.X.X.1 > X.X.X.2:X.X.X.2 > X.X.X.3:X.X.X.3 > X.X.X.4:X.X.X.4 > X.X.X.5:X.X.X.5 > ... > > Do you know if a simpliest way exist? > > Thanks for your help, > > AB
