I am attempting to whitelist a range of IP addresses in my serverclass.conf but it doesn't seem to be working. This is the regex that I came up with to match IP Addresses between 10.0.0.0 and 10.49.255.255.
AFAIK, You can't use a regex in a serverclass.conf whitelist. The spec file does not show this as being valid.
whitelist.<n> = <clientName> | <ip address> | <hostname> blacklist.<n> = <clientName> | <ip address> | <hostname> * 'n' is a number starting at 0, and increasing by 1. Stop looking at the filter when 'n' breaks. * The value of this attribute is matched against several things in order: * Any clientName specified by the client in its deploymentclient.conf file * The ip address of the connected client * The hostname of the connected client as provided by reverse DNS lookup * The hostname of the client as provided by the client * All of these can be used with wildcards. * will match any sequence of characters. For example: * Match an network range: 10.1.1.* * Match a domain: *.splunk.com * These patterns are PCRE regular expressions with the additional mappings: * '.' is mapped to '\.' * '*' is mapped to '.*' * Can be overridden at the serverClass level, and the serverClass:app level. * There are no whitelist or blacklist entries by default.
notice: with the additional mappings. Meaning, it is a regex, but not PCRE compliant, which means I think you're going to run into unexpected behaviors trying to use PCRE straight up in the conf file.
I am not sure what your question is, exactly, but here is a great reference for regular expressions. I've linked to the page with an example for IP addresses.
Specifically, I think the following would match what you want: