When using "Lookup IP" how do I not get hits from CIDR ranges?

When using “Lookup IP” how do I not get hits from CIDR ranges? Some
incident reports included CIDR ranges when they include our own whois
information for an IP address. I’d like to not see tickets that are not
directly related to the IP address for the ticket I’m looking at when I do a
search to see if other tickets about that IP address are received. In other
words I’d like to limit the search to exact matches only. Can I change the
“$type” in the GET to something other than “ip” to make lookuptype not
search inside ranges that match the one IP?

Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net

Hello Landon,

I don’t think it’s supported out of the box. However it can be improved.On Wed, Oct 7, 2009 at 1:48 AM, Landon Stewart lstewart@superb.net wrote:

When using “Lookup IP” how do I not get hits from CIDR ranges? Some
incident reports included CIDR ranges when they include our own whois
information for an IP address. I’d like to not see tickets that are not
directly related to the IP address for the ticket I’m looking at when I do a
search to see if other tickets about that IP address are received. In other
words I’d like to limit the search to exact matches only. Can I change the
“$type” in the GET to something other than “ip” to make lookuptype not
search inside ranges that match the one IP?


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives

Best regards, Ruslan.

Even if there was some way to stop RTIR from expanding and storing ranges
when creating the ticket that would be fine since there’s really no need for
the range data to be maintained for us. If anyone knows of a way to do this
or where this is done so I can kludge something together that would be
awesome. I find it difficult to trace how things are done when the MTA
calls the URL using the API.On Wed, Oct 7, 2009 at 1:34 AM, Ruslan Zakirov ruslan.zakirov@gmail.comwrote:

Hello Landon,

I don’t think it’s supported out of the box. However it can be improved.

On Wed, Oct 7, 2009 at 1:48 AM, Landon Stewart lstewart@superb.net wrote:

When using “Lookup IP” how do I not get hits from CIDR ranges? Some
incident reports included CIDR ranges when they include our own whois
information for an IP address. I’d like to not see tickets that are not
directly related to the IP address for the ticket I’m looking at when I
do a
search to see if other tickets about that IP address are received. In
other
words I’d like to limit the search to exact matches only. Can I change
the
“$type” in the GET to something other than “ip” to make lookuptype not
search inside ranges that match the one IP?


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.

Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net

Landon, it’s a scrip and you can just disable it.On Wed, Oct 7, 2009 at 10:44 PM, Landon Stewart lstewart@superb.net wrote:

Even if there was some way to stop RTIR from expanding and storing ranges
when creating the ticket that would be fine since there’s really no need for
the range data to be maintained for us. If anyone knows of a way to do this
or where this is done so I can kludge something together that would be
awesome. I find it difficult to trace how things are done when the MTA
calls the URL using the API.

On Wed, Oct 7, 2009 at 1:34 AM, Ruslan Zakirov ruslan.zakirov@gmail.com wrote:

Hello Landon,

I don’t think it’s supported out of the box. However it can be improved.

On Wed, Oct 7, 2009 at 1:48 AM, Landon Stewart lstewart@superb.net wrote:

When using “Lookup IP” how do I not get hits from CIDR ranges? Some
incident reports included CIDR ranges when they include our own whois
information for an IP address. I’d like to not see tickets that are not
directly related to the IP address for the ticket I’m looking at when I
do a
search to see if other tickets about that IP address are received. In
other
words I’d like to limit the search to exact matches only. Can I change
the
“$type” in the GET to something other than “ip” to make lookuptype not
search inside ranges that match the one IP?


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives

Best regards, Ruslan.

I want to record the IP addresses but not the ranges of IP addresses. I’ll
have a look at the scrip and see what I can do.On Wed, Oct 7, 2009 at 8:58 PM, Ruslan Zakirov ruslan.zakirov@gmail.comwrote:

Landon, it’s a scrip and you can just disable it.

On Wed, Oct 7, 2009 at 10:44 PM, Landon Stewart lstewart@superb.net wrote:

Even if there was some way to stop RTIR from expanding and storing ranges
when creating the ticket that would be fine since there’s really no need
for
the range data to be maintained for us. If anyone knows of a way to do
this
or where this is done so I can kludge something together that would be
awesome. I find it difficult to trace how things are done when the MTA
calls the URL using the API.

On Wed, Oct 7, 2009 at 1:34 AM, Ruslan Zakirov <ruslan.zakirov@gmail.com wrote:

Hello Landon,

I don’t think it’s supported out of the box. However it can be improved.

On Wed, Oct 7, 2009 at 1:48 AM, Landon Stewart lstewart@superb.net wrote:

When using “Lookup IP” how do I not get hits from CIDR ranges? Some
incident reports included CIDR ranges when they include our own whois
information for an IP address. I’d like to not see tickets that are
not
directly related to the IP address for the ticket I’m looking at when
I
do a
search to see if other tickets about that IP address are received. In
other
words I’d like to limit the search to exact matches only. Can I
change
the
“$type” in the GET to something other than “ip” to make lookuptype not
search inside ranges that match the one IP?


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”:
http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.

Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net

I think I’ve done it. I’ve edited
local/plugins/RT-IR/lib/RT/Action/RTIR_FindIP.pm and inserted a line at line
50:

49 while ( my ($addr, $bits) = splice @CIDRs, 0, 2 ) {
50 if ($bits < 32) { exit 0; }
51 my $cidr = join( ‘.’, map $_||0, (split /./, $addr)[0…3] )
.“/$bits”;
52 my $range = (Net::CIDR::cidr2range( $cidr ))[0] or next;
53 $self->AddIP( IP => $range, CustomField => $cf, Skip => %existing
);
54 }On Wed, Oct 7, 2009 at 9:08 PM, Landon Stewart lstewart@superb.net wrote:

I want to record the IP addresses but not the ranges of IP addresses. I’ll
have a look at the scrip and see what I can do.

On Wed, Oct 7, 2009 at 8:58 PM, Ruslan Zakirov ruslan.zakirov@gmail.comwrote:

Landon, it’s a scrip and you can just disable it.

On Wed, Oct 7, 2009 at 10:44 PM, Landon Stewart lstewart@superb.net wrote:

Even if there was some way to stop RTIR from expanding and storing
ranges
when creating the ticket that would be fine since there’s really no need
for
the range data to be maintained for us. If anyone knows of a way to do
this
or where this is done so I can kludge something together that would be
awesome. I find it difficult to trace how things are done when the MTA
calls the URL using the API.

On Wed, Oct 7, 2009 at 1:34 AM, Ruslan Zakirov < ruslan.zakirov@gmail.com> wrote:

Hello Landon,

I don’t think it’s supported out of the box. However it can be
improved.

On Wed, Oct 7, 2009 at 1:48 AM, Landon Stewart lstewart@superb.net wrote:

When using “Lookup IP” how do I not get hits from CIDR ranges? Some
incident reports included CIDR ranges when they include our own whois
information for an IP address. I’d like to not see tickets that are
not
directly related to the IP address for the ticket I’m looking at when
I
do a
search to see if other tickets about that IP address are received.
In
other
words I’d like to limit the search to exact matches only. Can I
change
the
“$type” in the GET to something other than “ip” to make lookuptype
not
search inside ranges that match the one IP?


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”:
http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net

Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net

Re.

“exit 0” is totally incorrect and will break RT. use “next”. Something like:

next unless $bits == 32;On Thu, Oct 8, 2009 at 8:25 AM, Landon Stewart lstewart@superb.net wrote:

I think I’ve done it. I’ve edited
local/plugins/RT-IR/lib/RT/Action/RTIR_FindIP.pm and inserted a line at line
50:

49 while ( my ($addr, $bits) = splice @CIDRs, 0, 2 ) {
50 if ($bits < 32) { exit 0; }
51 my $cidr = join( ‘.’, map $_||0, (split /./, $addr)[0…3] )
.“/$bits”;
52 my $range = (Net::CIDR::cidr2range( $cidr ))[0] or next;
53 $self->AddIP( IP => $range, CustomField => $cf, Skip => %existing
);
54 }

On Wed, Oct 7, 2009 at 9:08 PM, Landon Stewart lstewart@superb.net wrote:

I want to record the IP addresses but not the ranges of IP addresses.
I’ll have a look at the scrip and see what I can do.

On Wed, Oct 7, 2009 at 8:58 PM, Ruslan Zakirov ruslan.zakirov@gmail.com wrote:

Landon, it’s a scrip and you can just disable it.

On Wed, Oct 7, 2009 at 10:44 PM, Landon Stewart lstewart@superb.net wrote:

Even if there was some way to stop RTIR from expanding and storing
ranges
when creating the ticket that would be fine since there’s really no
need for
the range data to be maintained for us. If anyone knows of a way to do
this
or where this is done so I can kludge something together that would be
awesome. I find it difficult to trace how things are done when the MTA
calls the URL using the API.

On Wed, Oct 7, 2009 at 1:34 AM, Ruslan Zakirov ruslan.zakirov@gmail.com wrote:

Hello Landon,

I don’t think it’s supported out of the box. However it can be
improved.

On Wed, Oct 7, 2009 at 1:48 AM, Landon Stewart lstewart@superb.net wrote:

When using “Lookup IP” how do I not get hits from CIDR ranges? Some
incident reports included CIDR ranges when they include our own
whois
information for an IP address. I’d like to not see tickets that are
not
directly related to the IP address for the ticket I’m looking at
when I
do a
search to see if other tickets about that IP address are received.
In
other
words I’d like to limit the search to exact matches only. Can I
change
the
“$type” in the GET to something other than “ip” to make lookuptype
not
search inside ranges that match the one IP?


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”:
http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net

Best regards, Ruslan.

Awesome, thank you.On Wed, Oct 7, 2009 at 9:55 PM, Ruslan Zakirov ruslan.zakirov@gmail.comwrote:

Re.

“exit 0” is totally incorrect and will break RT. use “next”. Something
like:

next unless $bits == 32;

On Thu, Oct 8, 2009 at 8:25 AM, Landon Stewart lstewart@superb.net wrote:

I think I’ve done it. I’ve edited
local/plugins/RT-IR/lib/RT/Action/RTIR_FindIP.pm and inserted a line at
line
50:

49 while ( my ($addr, $bits) = splice @CIDRs, 0, 2 ) {
50 if ($bits < 32) { exit 0; }
51 my $cidr = join( ‘.’, map $_||0, (split /./, $addr)[0…3] )
.“/$bits”;
52 my $range = (Net::CIDR::cidr2range( $cidr ))[0] or next;
53 $self->AddIP( IP => $range, CustomField => $cf, Skip =>
%existing
);
54 }

On Wed, Oct 7, 2009 at 9:08 PM, Landon Stewart lstewart@superb.net wrote:

I want to record the IP addresses but not the ranges of IP addresses.
I’ll have a look at the scrip and see what I can do.

On Wed, Oct 7, 2009 at 8:58 PM, Ruslan Zakirov < ruslan.zakirov@gmail.com> wrote:

Landon, it’s a scrip and you can just disable it.

On Wed, Oct 7, 2009 at 10:44 PM, Landon Stewart lstewart@superb.net wrote:

Even if there was some way to stop RTIR from expanding and storing
ranges
when creating the ticket that would be fine since there’s really no
need for
the range data to be maintained for us. If anyone knows of a way to
do
this
or where this is done so I can kludge something together that would
be
awesome. I find it difficult to trace how things are done when the
MTA
calls the URL using the API.

On Wed, Oct 7, 2009 at 1:34 AM, Ruslan Zakirov ruslan.zakirov@gmail.com wrote:

Hello Landon,

I don’t think it’s supported out of the box. However it can be
improved.

On Wed, Oct 7, 2009 at 1:48 AM, Landon Stewart <lstewart@superb.net wrote:

When using “Lookup IP” how do I not get hits from CIDR ranges?
Some
incident reports included CIDR ranges when they include our own
whois
information for an IP address. I’d like to not see tickets that
are
not
directly related to the IP address for the ticket I’m looking at
when I
do a
search to see if other tickets about that IP address are received.
In
other
words I’d like to limit the search to exact matches only. Can I
change
the
“$type” in the GET to something other than “ip” to make lookuptype
not
search inside ranges that match the one IP?


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”:
http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”:
http://www.superbhosting.net


Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives


Best regards, Ruslan.


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net


Best regards, Ruslan.

Landon Stewart LStewart@SUPERB.NET
SuperbHosting.Net by Superb Internet Corp.
Toll Free: 888-354-6128 x 4199 (US/Canada)
Web hosting and more “Ahead of the Rest”: http://www.superbhosting.net