It can be done using regular expressions. I've attached an example of
one that I use (best viewed in Courier font). This particular filter
only passes events that come from devices in the following IP address
ranges.

    10.13.(0-29).4
    10.17.(0-29).4
    10.21.(0-29).4
    10.25.(0-29).4

RuleName=ef_servers
RuleDescription=all servers in ef region
RuleContent=PRESENT=SNMP_TRAP && ((IP_ADDR=10\.13\.[1-2].\.4) || (IP_ADDR=10\.13\.[0-9]\.4)
|| (IP_ADDR=10\.17\.[1-2].\.4) || (IP_ADDR=10\.17\.[0-9]\.4)
|| (IP_ADDR=10\.21\.[1-2].\.4) || (IP_ADDR=10\.21\.[0-9]\.4)
|| (IP_ADDR=10\.25\.[1-2].\.4) || (IP_ADDR=10\.25\.[0-9]\.4))

Neil Whitehead (x22808)
IT Services (Telecoms)
The Royal Bank of Scotland
Tel: 0131-523 2808
e-mail: whitern@rbos.co.uk
> -----Original Message-----
> From: Cedric Deal [SMTP:cdeal@GTE.NET]
> Sent: Friday, February 19, 1999 2:39 AM
> To: NV-L@UCSBVM.ucsb.edu
> Subject: Filtering Events by IP Address Range?
>
> Is there a method to filter events using IP ranges? My customer
> wants to filter NodeUp and NodeDown events for a range of IP
> addresses.
>
> Thanks,
> Cedric Deal
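
Added example, not part of the original messages: a Python check that replays the eight IP_ADDR alternatives from the rule above against constructed addresses and compares the result with the stated ranges. It assumes the filter's expressions behave like Python's `re` syntax; whether the product matches anywhere in the field or against the whole field is not stated in the thread, so both modes are shown, and all function names are hypothetical.

```python
import ipaddress
import re

# The eight IP_ADDR alternatives from the rule, character for character.
RULE_PATTERNS = [
    rf"10\.{net}\.{third}\.4"
    for net in (13, 17, 21, 25)
    for third in (r"[1-2].", r"[0-9]")
]

# Constructed sample addresses (not taken from the thread).
SAMPLE = [
    "10.13.0.4", "10.13.29.4", "10.25.17.4",   # inside the stated ranges
    "10.13.30.4", "10.14.5.4",                 # outside, and rejected
    "10.13.5.40", "110.17.5.4", "10.21.12.44", # outside, see audit()
]

def rule_matches(addr, anchored):
    """Apply the rule's alternatives as a whole-field or substring match."""
    match = re.fullmatch if anchored else re.search
    return any(match(p, addr) for p in RULE_PATTERNS)

def in_intended_range(addr):
    """Numeric check of 10.{13,17,21,25}.(0-29).4, independent of any regex."""
    try:
        o = ipaddress.IPv4Address(addr).packed
    except ValueError:
        return False
    return o[0] == 10 and o[1] in (13, 17, 21, 25) and o[2] <= 29 and o[3] == 4

def audit(addresses):
    """Addresses a substring-style match would pass although they are out of range."""
    return [a for a in addresses
            if rule_matches(a, anchored=False) and not in_intended_range(a)]

if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a:14} substring={rule_matches(a, False)!s:5} "
              f"whole-field={rule_matches(a, True)!s:5} "
              f"intended={in_intended_range(a)}")
    print("over-matched if unanchored:", audit(SAMPLE))
```

If the filter engine matches substrings, anchoring each alternative (or an equivalent whole-field option, where the product offers one) is what keeps events from addresses such as the last three samples out of the result.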