• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 22 subscribers
  • Views 219 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

IP range exclusion

msengele

Hello,

I would like to create a rule in the LEM that will detect IPS traffic that is going to an IP range and exclude a range from being detected as well. What is the best way to call out a range of IP address in the rules i.e. 192.168.*.* or 192.168.*. How does the format need to be or what is the best practice for this.

Thanks

Parents
  • 0

    I've used mid-string wildcards successfully in filters, so 192.168.*.* would work.  blsanner is also correct, that 192.168.* would work, though it won't just match 192.168.0.1 to 192.168.255.255, but also 192.168.chickensandwich.  It's unlikely that the LEM will ever see chickensandwich in an IP, but that could be an issue if you were filtering Event Info or Extraneous Info on an event.

    You could also create  User Defined Group with ranges in it:

    192.168.0.10*

    192.168.41.25*

    You can import UDGs from a CSV file, if it is formatted correctly (you can paste this into a text file and then import it as a UDG to see how it worked):

    UDG, A Sample Group Title, This Group is a Sample Created by the UDG Import Process

    IPS Range 1, 192.168.0.10*, IPS Devices for the 0 subnet

    Dallas IPS, 192.168.2.25, Dallas IPS

    Austin IPS, 192.168.3.44, Austin IPS

Reply
  • 0

    I've used mid-string wildcards successfully in filters, so 192.168.*.* would work.  blsanner is also correct, that 192.168.* would work, though it won't just match 192.168.0.1 to 192.168.255.255, but also 192.168.chickensandwich.  It's unlikely that the LEM will ever see chickensandwich in an IP, but that could be an issue if you were filtering Event Info or Extraneous Info on an event.

    You could also create  User Defined Group with ranges in it:

    192.168.0.10*

    192.168.41.25*

    You can import UDGs from a CSV file, if it is formatted correctly (you can paste this into a text file and then import it as a UDG to see how it worked):

    UDG, A Sample Group Title, This Group is a Sample Created by the UDG Import Process

    IPS Range 1, 192.168.0.10*, IPS Devices for the 0 subnet

    Dallas IPS, 192.168.2.25, Dallas IPS

    Austin IPS, 192.168.3.44, Austin IPS

Children
No Data

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.