Regex to find credentials in NLS

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
apawar
Posts: 1
Joined: Mon Mar 11, 2019 9:48 pm

Regex to find credentials in NLS

Post by apawar »

For string: ""keys\":{\"onlineID\":\"*****\",\"passcode\":\"*****\"}"
I have created the regex onlineId\":"[\w+]{1,12} for finding the online ID & password. It works fine in a code writer & text parsing tool, but when I tried it on NLS it did not work as expected; NLS just shows me a blank page.

It is supposed to trigger when there is user data in place of "*" (asterisk).

Can someone help me create this regex on NLS?
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: Regex to find credentials in NLS

Post by npolovenko »

Hello, @apawar. The problem is that Elasticsearch doesn't store the whole string combined, but instead it separates each word into its own keyword. So the regex filter for onlineID + "some string" won't be able to find any matches.
https://www.elastic.co/guide/en/elastic ... lyzer.html

Let's try the following workaround using Log Server filters. Find one of the onlineID events on the dashboard and click on the magnifying glass to create a new filter out of the onlineID\":\"*****\",\"passcode\":\"*****\" message.
Then find the newly created filter and change the query to:
"keys\":{\"onlineID\":"*", \"passcode\":"*"}"
Let me know if this works for you.
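The tokenization issue described in the reply above, as an added example that is not part of the original thread and not Nagios or Elasticsearch code. The tokenizer is a simplified stand-in for an analyzed text field, the log messages are constructed samples, and all function names are hypothetical. It shows why a multi-word regex matches the raw string but no single indexed term, and a check on the raw message that flags credential fields whose value is not masked with asterisks.

```python
import re

# Constructed sample messages (not from the original thread).
MASKED = r'"keys\":{\"onlineID\":\"*****\",\"passcode\":\"*****\"}'
LEAKED = r'"keys\":{\"onlineID\":\"jsmith01\",\"passcode\":\"hunter22\"}'

# Multi-token pattern in the spirit of the poster's regex (lowercased).
PHRASE = r'onlineid\\":\\"\w{1,12}'

# Field name, optional backslash-escaped quotes, then the value up to the next quote.
FIELD_RE = re.compile(r'(onlineID|passcode)\\*"\s*:\s*\\*"([^"\\]*)', re.IGNORECASE)


def analyzed_terms(message):
    """Assumption: approximate an analyzed field as lowercase word tokens."""
    return re.findall(r"\w+", message.lower())


def regexp_query_matches(pattern, message):
    """Mimic a term-level regexp query: the pattern must match one whole term."""
    rx = re.compile(pattern)
    return any(rx.fullmatch(term) for term in analyzed_terms(message))


def unmasked_fields(message):
    """Return credential field names whose value is not made up only of '*'."""
    return [name for name, value in FIELD_RE.findall(message)
            if value and set(value) != {"*"}]


if __name__ == "__main__":
    print("terms:", analyzed_terms(LEAKED))
    # The pattern spans punctuation and two words, so no single term can satisfy it.
    print("raw string match:", bool(re.search(PHRASE, LEAKED.lower())))
    print("term-level match:", regexp_query_matches(PHRASE, LEAKED))
    # A pattern confined to one lowercase term does match.
    print("single term match:", regexp_query_matches(r"onlineid", LEAKED))
    # The pattern itself is not lowercased, so the mixed-case name finds nothing.
    print("mixed-case term match:", regexp_query_matches(r"onlineID", LEAKED))
    for label, msg in (("masked", MASKED), ("leaked", LEAKED)):
        print(label, "->", unmasked_fields(msg))
```

Running the value check on the raw message before indexing, or on a non-analyzed copy of the field, avoids depending on how the text was split into terms.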