Correcting myself: The IP lookups will work, but you need to use the address_match_key lookup type.

On Wed, Aug 31, 2011 at 5:04 PM, dan (ddp) <[email protected]> wrote:
> The easiest way would be to create 2 rules.
> I'm not sure why the cidr isn't working in cdb lists. It's supposed
> to, but I'm testing it now and either it's broken or I'm doing
> something wrong.
>
> On Wed, Aug 31, 2011 at 2:51 AM, Blauch Armand <[email protected]> wrote:
>> Hello,
>>
>> I try to avoid alerts from a subnet and from a specific IP.
>> If I use <srcip>X.X.X.X/24</srcip> or <srcip>Y.Y.Y.Y</srcip> I have no
>> issue.
>> But when I try to use <srcip>X.X.X.X/24|Y.Y.Y.Y/32</srcip> or
>> <srcip>X.X.X.X/24|Y.Y.Y.Y</srcip>, it doesn't work (OSSEC doesn't
>> restart).
>> I have to use a list, and in this list it doesn't work if I add a
>> subnet range. It works only if I add each address of the subnet like
>> this:
>> X.X.X.1:X.X.X.1
>> X.X.X.2:X.X.X.2
>> X.X.X.3:X.X.X.3
>> X.X.X.4:X.X.X.4
>> X.X.X.5:X.X.X.5
>> ...
>>
>> Do you know if a simpler way exists?
>>
>> Thanks for your help,
>>
>> AB
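
Added example, not part of the original thread: a sketch of the list-based setup that the correction at the top refers to, with one subnet and one host in a CDB list matched through the address_match_key lookup. The addresses (documentation ranges), list path and rule IDs are constructed placeholders; the dotted-prefix key form for subnets is taken from the OSSEC CDB list documentation, not from this thread.

```xml
<!--
  Constructed list file: /var/ossec/lists/trusted_sources
  One key:value pair per line. For address lookups a subnet is written as a
  dotted prefix ending in "." rather than in CIDR form, so a single key can
  only cover an octet-aligned range (/8, /16, /24). A full address is a /32.

    192.0.2.:trusted_subnet
    198.51.100.7:trusted_host

  Compile the text file into its .cdb form with /var/ossec/bin/ossec-makelists
  and restart OSSEC so analysisd loads it.
-->

<!-- ossec.conf: declare the list (path assumed relative to the install dir) -->
<ossec_config>
  <rules>
    <list>lists/trusted_sources</list>
  </rules>
</ossec_config>

<!-- local_rules.xml: one child rule replaces the per-address entries -->
<group name="local,">
  <rule id="100100" level="0">
    <!-- 100001 is a hypothetical parent rule ID: use the rule being silenced -->
    <if_sid>100001</if_sid>
    <!-- Matches when the event's srcip falls under any key in the list -->
    <list field="srcip" lookup="address_match_key">lists/trusted_sources</list>
    <description>Ignore parent alert for sources in the trusted list.</description>
  </rule>
</group>
```

Because a level 0 rule silences the parent alert for every address under a matching prefix, keep the list keys as narrow as the exemption actually requires.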
