Search numbers(IP's) from syslog message field

ToniE
Posts: 1
Joined: Mon May 08, 2023 5:20 am

Post by ToniE »

Hello,

Does anybody know how to search for numbers (IPs) in the message field of logtype syslog? We noticed that when we create a filter where the field is message and try to find numbers, nothing can be found. If the logtype is event log, then a similar filter works.

br
Toni
bbahn
Posts: 85
Joined: Thu Jan 12, 2023 5:42 pm

Re: Search numbers(IP's) from syslog message field

Post by bbahn »

Hello ToniE,

Lucene queries can be very difficult and annoying to sculpt correctly and I understand your frustration. You can use the following query to search for syslogs with an IP address:

Code:

type:syslog AND message:/(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}/

This will match IP addresses in the message section of syslog messages.
February: Fostering a fruitful forum with fun formulations. Fear not for our fellowship of friendly fellows will fervently find fixes for flaws found on this forum. Feel free to follow-up with feedback if I fail to fulfill my function fully.
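
Added example, not part of the original posts or of Nagios Log Server: a Python check of the octet pattern from the query above against constructed syslog lines, useful for confirming what the filter will and will not catch before relying on it. It uses a full match per term because Lucene regexp queries match whole terms; the term splitting in `terms()` is an assumption, since the real terms depend on the analyzer configured for the message field.

```python
import re

# Octet pattern copied from the Lucene query in the answer above.
OCTET = r"(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
IPV4 = re.compile(OCTET + r"(\." + OCTET + r"){3}")

# Assumption: a term is a run of letters, digits, underscores and dots.
# The real terms depend on the analyzer configured for the message field.
TERM = re.compile(r"[0-9A-Za-z_.]+")


def terms(message):
    """Split a message into approximate index terms, dropping edge dots."""
    stripped = (t.strip(".") for t in TERM.findall(message))
    return [t for t in stripped if t]


def ipv4_terms(message):
    """Terms the pattern matches in full, the way a regexp query matches a term."""
    return [t for t in terms(message) if IPV4.fullmatch(t)]


def unanchored_hits(message):
    """What the same pattern finds when it is allowed to match substrings."""
    return [m.group(0) for m in IPV4.finditer(message)]


# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LOGS = [
    "sshd[1201]: Failed password for root from 203.0.113.45 port 52344 ssh2",
    "kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP",
    "dhcpd: ignoring malformed lease for 256.300.1.1",
    "updater: installed agent build 1.2.3.4.5",
    "cron: job finished in 12.5 seconds.",
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(ipv4_terms(line), unanchored_hits(line), "<-", line)
```

The fourth sample shows why anchoring matters: a substring search reports `1.2.3.4` inside a five-part version string, while the whole-term match reports nothing.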
ssunga
Posts: 32
Joined: Wed Aug 09, 2023 10:38 am

Re: Search numbers(IP's) from syslog message field

Post by ssunga »

There is a new natural language feature in Nagios Log Server that helps in circumstances like this. Head to admin --> global settings --> experimental feature and provide an OpenAI API key.