Hi,
I want to use a txt file from http://rules.emergingthreats.net/blockrules/compromised-ips.txt for a lookup table.
I chose DSV File from HTTP and I check only the presence of the IP address.
But I have no idea which Line Separator I have to choose.
I tried \n and \r\n and both did not work. Any other ideas?
Configuration:
The DSV Lookup will work only with key-value lookups. A simple “is present, then true” is not possible.
But there is a check box for “Check Presence Only” “Only check if key is present in table, returns boolean instead of value.”
Is there another option to check against a list like http://rules.emergingthreats.net/blockrules/compromised-ips.txt?
The list only contains a list of IP addresses.
Sorry, missed that check on the presence.
You might want to create a feature request because it is not possible to have a list without quote character. That is what you actually have with that list.
This should be done in the server repo: https://github.com/Graylog2/graylog2-server/issues
Hi Jan,
I will create a feature request this week.
For now I will fetch the file with wget and with a sed script I will add the quote character.
Then I put it on my local HTTP server and take my local, quoted source.
Thanks for your quick support.
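The workaround described in the last post, as an added example that is not part of the original thread or of Graylog itself: fetch the feed, wrap each address in a quote character, and publish the result for the local HTTP server. It uses awk rather than sed so each line can be validated as an IPv4 address before it is quoted; the quote character `"` and the destination path are assumptions.

```shell
#!/bin/sh
# Added example: turn a one-IP-per-line feed into a quoted, single-column DSV file.
FEED_URL="http://rules.emergingthreats.net/blockrules/compromised-ips.txt"  # URL from the thread

# quote_ip_list: stdin = raw feed, stdout = one "ip" per line.
# - strips CR so CRLF and LF feeds both work
# - drops blank lines and '#' comment lines
# - keeps only well-formed dotted-quad IPv4 addresses, so stray text in the
#   feed can never introduce a quote or separator character into the table
quote_ip_list() {
    tr -d '\r' | awk '
        /^[ \t]*$/ { next }
        /^[ \t]*#/ { next }
        {
            gsub(/^[ \t]+|[ \t]+$/, "")          # trim surrounding whitespace
            if (split($0, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
            printf "\"%s\"\n", $0                 # assumed quote character: "
        }'
}

# refresh_list DEST: fetch the feed and replace DEST with the quoted version.
# The previous file is kept if the download yields no valid address.
refresh_list() {
    dest=$1
    tmp=$(mktemp) || return 1
    if wget -q -O - "$FEED_URL" | quote_ip_list > "$tmp" && [ -s "$tmp" ]; then
        chmod 644 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Typical use from cron (hypothetical path under the web server's document root):
#   refresh_list /var/www/html/compromised-ips.dsv
```

The DSV File from HTTP adapter is then pointed at the locally served file, with "Check Presence Only" enabled as in the thread.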