Hello, Thanks for your help. I just tried with "address_match_key" and with this kind of list: X.X.X.X/24:X.X.X.X/24, and it's doesn't work. I must miss something, how is your list.txt? same as mine (X.X.X.X/ 24:X.X.X.X/24)?
AB On 1 sep, 01:24, "dan (ddp)" <[email protected]> wrote: > Correcting myself: > The IP lookups will work, but you need to use the address_match_key lookup > type. > > > > > > > > On Wed, Aug 31, 2011 at 5:04 PM, dan (ddp) <[email protected]> wrote: > > The easiest way would be to create 2 rules. > > I'm not sure why the cidr isn't working in cdb lists. It's supposed > > to, but I'm testing it now and either it's broken or I'm doing > > something wrong. > > > On Wed, Aug 31, 2011 at 2:51 AM, Blauch Armand <[email protected]> wrote: > >> Hello, > > >> I try to avoid alerte from a subnet and from a specific IP. > >> If I use <scrip>X.X.X.X/24</scrip> or <scrip>Y.Y.Y.Y</scrip> I have no > >> issue. > >> But when I try to use <scrip>X.X.X.X/24|Y.Y.Y.Y/32</scrip> or > >> <scrip>X.X.X.X/24|Y.Y.Y.Y</scrip> , it doesn't work (OSSEC doesn't > >> restart). > >> I have to use a list, and in this list it's doesn't work if I add a > >> subnet range. It's work only if I add each adress of the subnet like > >> this: > >> X.X.X.1:X.X.X.1 > >> X.X.X.2:X.X.X.2 > >> X.X.X.3:X.X.X.3 > >> X.X.X.4:X.X.X.4 > >> X.X.X.5:X.X.X.5 > >> ... > > >> Do you know if a simpliest way exist? > > >> Thanks for your help, > > >> AB
