maestro-add-blacklist
Adds an IP address to a Logpresso Maestro address group. You can register IP addresses in a blocklist to use them in network blocking policies.
Command properties
| Item | Description |
|---|---|
| Command type | Driver query |
| Required permission | User |
| License usage | Non-licensed command |
| Parallel execution | Not supported |
| Distributed execution | Not supported |
Syntax
maestro-add-blacklist group=GUID ip=ip_address [description=description] [period=minutes]
Options
group=GUID - GUID of the address group to add the IP address to. Required option.
ip=ip_address - IP address to add to the address group. Required option.
description=description - Reason or description for adding the IP address.
period=minutes - Retention period (minutes). Determines the expiration time based on the current time. Specify as an integer in the range 1–52,560,000 (100 years). If omitted, the entry is retained without expiration.
Error codes
Parse errors
| Error code | Message | Description |
|---|---|---|
| 300601 | group option is required. | When the group option is not specified |
| 300602 | ip option is required. | When the ip option is not specified |
| 300603 | Address group GUID format is invalid. | When the address group GUID format is invalid |
| 300604 | IP address format is invalid. | When the IP address format is invalid |
| 300605 | Period must be specified as an integer between 1 and 52560000. | When the period value is outside the valid range |
Description
Adds an IP address to the specified address group. When a retention period is set with the period option, the entry automatically expires after that period. For each input record passed through the pipeline, an IP addition is performed and the record is output as-is.
Examples
- Add an IP to the blocklist

    | makeresults | maestro-add-blacklist group="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" ip=192.0.2.100 description="공격 탐지" period=1440

  Adds the IP to the specified address group in the blocklist for 24 hours (1,440 minutes).

- Bulk block detected malicious IPs

    table sonar_event_00001 | search rule_id == 1001 | stats dc(src_ip) as cnt, values(src_ip) as ips | explode ips | rename ips as ip | maestro-add-blacklist group="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" ip=$(ip) description="자동 차단" period=10080

  Blocks source IPs detected by a specific rule for 7 days (10,080 minutes).
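
A pre-flight check for scripts that generate this command, added here as an example and not Logpresso's own code: it mirrors the documented parse errors before the query is submitted and computes the expiry that period implies. The names `build_command` and `ParseError`, the canonical 8-4-4-4-12 GUID form, acceptance of any single IPv4 or IPv6 address, and the restriction on description characters are assumptions.

```python
import ipaddress
import uuid
from datetime import datetime, timedelta, timezone

MAX_PERIOD = 52_560_000  # minutes; upper bound from the Options section

class ParseError(ValueError):
    """Carries one of the documented parse error codes (300601-300605)."""
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code = code

def build_command(group=None, ip=None, description=None, period=None, now=None):
    """Validate the options and return (query_text, expires_at or None)."""
    if not group:
        raise ParseError(300601, "group option is required.")
    if not ip:
        raise ParseError(300602, "ip option is required.")
    try:
        # Assumption: GUID means the canonical hyphenated hex form.
        if str(uuid.UUID(group)) != group.lower():
            raise ValueError(group)
    except ValueError:
        raise ParseError(300603, "Address group GUID format is invalid.")
    try:
        addr = ipaddress.ip_address(ip)  # Assumption: one host address, no CIDR.
    except ValueError:
        raise ParseError(300604, "IP address format is invalid.")
    parts = [f'maestro-add-blacklist group="{group}" ip={addr}']
    if description is not None:
        # Assumption: escaping rules are not given on the page, so refuse
        # characters that could close the quoted value or start a new command.
        if any(c in description for c in '"\\|\n\r'):
            raise ValueError("description contains unsupported characters")
        parts.append(f'description="{description}"')
    expires_at = None  # no period means the entry never expires
    if period is not None:
        valid = isinstance(period, int) and not isinstance(period, bool)
        if not valid or not 1 <= period <= MAX_PERIOD:
            raise ParseError(
                300605, "Period must be specified as an integer between 1 and 52560000.")
        now = now or datetime.now(timezone.utc)
        expires_at = now + timedelta(minutes=period)
        parts.append(f"period={period}")
    return " ".join(parts), expires_at
```
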