For string: ""keys\":{\"onlineID\":\"*****\",\"passcode\":\"*****\"}"
I have created the regex onlineId\":"[\w+]{1,12} for finding the online ID & password. It is working fine in a code writer & text parsing tool, but when I tried it on NLS it is not working as expected; NLS just shows me a blank page.
It is supposed to trigger when there is user data in place of the "*" (asterisk).
Can someone help me create this regex on NLS?
Regex to find credentials in NLS
Re: Regex to find credentials in NLS
Hello, @apawar. The problem is that Elasticsearch doesn't store the whole string combined, but instead it separates each word into its own keyword. So the regex filter for onlineID + "some string" won't be able to find any matches.
https://www.elastic.co/guide/en/elastic ... lyzer.html
Let's try the following workaround using Log Server filters. Find one of the onlineid events on the dashboard and click on the magnifying glass to create a new filter out of the onlineID\":\"*****\",\"passcode\":\"*****\" message. Then find the newly created filter and change the query to:
"keys\":{\"onlineID\":"*", \"passcode\":"*"}"
Let me know if this works for you.
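An added example, not part of the original posts: it shows why a regexp that spans the key and its value finds nothing once the message is split into terms, and one way to flag unmasked onlineID/passcode values by scanning the raw line instead. The sample lines, the tokenizer (only an approximation of Elasticsearch's standard analyzer), `PHRASE_RE`, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample log lines (not taken from the thread's attachments).
MASKED = r'"keys\":{\"onlineID\":\"*****\",\"passcode\":\"*****\"}'
LEAKED = r'"keys\":{\"onlineID\":\"jdoe42\",\"passcode\":\"Examp1ePass\"}'


def approx_terms(text):
    """Rough stand-in for an analyzed text field: lowercase word tokens.
    Assumption: this only approximates Elasticsearch's standard analyzer."""
    return re.findall(r"\w+", text.lower())


def term_regexp_hits(pattern, text):
    """A regexp query is tested against each indexed term on its own and
    must match the whole term, so it never sees key and value together."""
    return [t for t in approx_terms(text) if re.fullmatch(pattern, t)]


# Hypothetical whole-phrase pattern: key, punctuation, then a 1-12 char value.
PHRASE_RE = r"onlineid\W+\w{1,12}"

# Scan of the raw line (e.g. before indexing); tolerates the escaped quotes.
FIELD_RE = re.compile(r'\\?"(onlineID|passcode)\\?"\s*:\s*\\?"([^"\\]*)\\?"')


def unmasked_fields(line):
    """Return names (never values) of fields holding something other than '*'."""
    return [name for name, value in FIELD_RE.findall(line) if value.strip("*")]


if __name__ == "__main__":
    print("terms:", approx_terms(LEAKED))
    print("phrase regexp vs terms:", term_regexp_hits(PHRASE_RE, LEAKED))
    print("phrase regexp vs raw:", bool(re.search(PHRASE_RE, LEAKED.lower())))
    for label, line in (("masked", MASKED), ("leaked", LEAKED)):
        print(label, "->", unmasked_fields(line))
```

`unmasked_fields` reports field names only, so the alerting path does not copy the leaked credential a second time.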