192.168.1.0/24 would be represented as 192.168.1. example: 192.168.1.:local addresses 192.168.2.:dmz addresses
etc. This part is in the documentation. On Thu, Sep 1, 2011 at 7:08 AM, Blauch Armand <[email protected]> wrote: > Hello, > > Thanks for your help. > I just tried with "address_match_key" and with this kind of list: > X.X.X.X/24:X.X.X.X/24, and it's doesn't work. > I must miss something, how is your list.txt? same as mine (X.X.X.X/ > 24:X.X.X.X/24)? > > AB > > On 1 sep, 01:24, "dan (ddp)" <[email protected]> wrote: >> Correcting myself: >> The IP lookups will work, but you need to use the address_match_key lookup >> type. >> >> >> >> >> >> >> >> On Wed, Aug 31, 2011 at 5:04 PM, dan (ddp) <[email protected]> wrote: >> > The easiest way would be to create 2 rules. >> > I'm not sure why the cidr isn't working in cdb lists. It's supposed >> > to, but I'm testing it now and either it's broken or I'm doing >> > something wrong. >> >> > On Wed, Aug 31, 2011 at 2:51 AM, Blauch Armand <[email protected]> wrote: >> >> Hello, >> >> >> I try to avoid alerte from a subnet and from a specific IP. >> >> If I use <scrip>X.X.X.X/24</scrip> or <scrip>Y.Y.Y.Y</scrip> I have no >> >> issue. >> >> But when I try to use <scrip>X.X.X.X/24|Y.Y.Y.Y/32</scrip> or >> >> <scrip>X.X.X.X/24|Y.Y.Y.Y</scrip> , it doesn't work (OSSEC doesn't >> >> restart). >> >> I have to use a list, and in this list it's doesn't work if I add a >> >> subnet range. It's work only if I add each adress of the subnet like >> >> this: >> >> X.X.X.1:X.X.X.1 >> >> X.X.X.2:X.X.X.2 >> >> X.X.X.3:X.X.X.3 >> >> X.X.X.4:X.X.X.4 >> >> X.X.X.5:X.X.X.5 >> >> ... >> >> >> Do you know if a simpliest way exist? >> >> >> Thanks for your help, >> >> >> AB
