Jeremy Rossi

Results 10 comments of Jeremy Rossi

Whitelist does not do prefixes. For IPv4 you could try using cdb lists: https://ossec.github.io/docs/manual/rules-decoders/rule-lists.html?highlight=cdb Using cdb for IPv6 is really not possible in a meaningful way due to how...

The correct way to match addresses for IPv6 and IPv4 would be to use a radix tree https://en.m.wikipedia.org/wiki/Radix_tree and in fact would be a great data structure for a lot of...

I am going to accept this and get people testing this. It looks correct to me.

@mstarks01 brings up a question. I think both directions of slash work.

So for a long time now Windows accepts / in place of \. So the function should always work. What this bug does fix is that paths for realtime...

I am still completely lost on the correct way forward. The patch is correct and fixes a bug, but that bug is now codified in configuration, but only for real...

@reyjrar any way I could get you to write up some clarification docs around this? Then we will make sure that all the ossec rules are in line and working the...

Pushing this out till after 2.9 so that we can put this in the release notes about an upcoming change that _could_ require manual changes to make sure rules still...

@awiddersheim We understand the patch now and it's a bug in paths on Windows and that people could have codified in their configs. We need to release 2.9 with a...