Invalid IP network, skipping {:network=>"10.13.7.0/10.13.7.24"

input {
  file {
    path => "/home/a/Documents/iplist.txt"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
        grok {
        match => { "message" => "%{IP:src_ip}" }
      }
        cidr {
        add_tag => [ "testnet" ]
        address => [ "%{src_ip}" ]
        #separator => "-"
        network_path => "/home/a/Documents/ip.txt"
       # separator => "//"


      }
}
output {
    stdout { codec => rubydebug }
 }

above is my logstash configuration:

below is my ip.txt file
10.12.7.0-10.12.7.24
10.13.7.0-10.13.7.24

[2019-12-10T14:20:32,135][WARN ][logstash.filters.cidr    ] Invalid IP network, skipping {:network=>"10.12.7.0/10.12.7.24", :event=>#<LogStash::Event:0x21adc04>}
[2019-12-10T14:20:32,137][WARN ][logstash.filters.cidr    ] Invalid IP network, skipping {:network=>"10.13.7.0/10.13.7.24", :event=>#<LogStash::Event:0x21adc04>}
[2019-12-10T14:20:32,139][WARN ][logstash.filters.cidr    ] Invalid IP network, skipping {:network=>"10.12.7.0/10.12.7.24", :event=>#<LogStash::Event:0x50d8fdeb>}
[2019-12-10T14:20:32,140][WARN ][logstash.filters.cidr    ] Invalid IP network, skipping {:network=>"10.13.7.0/10.13.7.24", :event=>#<LogStash::Event:0x50d8fdeb>}
[2019-12-10T14:20:32,141][WARN ][logstash.filters.cidr    ] Invalid IP network, skipping {:network=>"10.12.7.0/10.12.7.24", :event=>#<LogStash::Event:0x4119464f>}
[2019-12-10T14:20:32,142][WARN ][logstash.filters.cidr    ] Invalid IP network, skipping {:network=>"10.13.7.0/10.13.7.24", :event=>#<LogStash::Event:0x4119464f>}
[2019-12-10T14:20:32,143][WARN ][logstash.filters.cidr    ] Invalid IP network, skipping {:network=>"10.12.7.0/10.12.7.24", :event=>#<LogStash::Event:0x5dbd29a8>}
[2019-12-10T14:20:32,144][WARN ][logstash.filters.cidr    ] Invalid IP network, skipping {:network=>"10.13.7.0/10.13.7.24", :event=>#<LogStash::Event:0x5dbd29

My error.

what I want is it should add tag if my Ip is in the specified range if ip.txt file

That's not the right notation for CIDR. You need two CIDR patterns, 10.12.7.0/28 (which includes 0 to 15) and 10.12.7.16/29 (which includes 16 to 23). Together they include 24 addresses. If you really want .24 as the 25th address then you need a third -- 10.12.7.24/32.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.