
Regex to find credentials in NLS

Posted: Mon Mar 11, 2019 10:08 pm
by apawar
For string: ""keys\":{\"onlineID\":\"*****\",\"passcode\":\"*****\"}"
I have created the regex onlineId\":"[\w+]{1,12} for finding the online ID & password. It works fine in code writer & text parsing tools, but when I tried it on NLS it did not work as expected; NLS just shows me a blank page.

It is supposed to trigger when there is user data in place of "*" (asterisk).

Can someone help me create this regex on NLS?

Re: Regex to find credentials in NLS

Posted: Wed Mar 13, 2019 11:46 am
by npolovenko
Hello, @apawar. The problem is that Elasticsearch doesn't store the whole string combined, but instead it separates each word into its own keyword. So the regex filter for onlineID + "some string" won't be able to find any matches.
https://www.elastic.co/guide/en/elastic ... lyzer.html

Let's try the following workaround using Log Server filters. Find one of the onlineid events on the dashboard and click on the magnifying glass to create a new filter out of the onlineID\":\"*****\",\"passcode\":\"*****\" message.
Then find the newly created filter and change the query to:
"keys\":{\"onlineID\":"*", \"passcode\":"*"}"
Let me know if this works for you.
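
The tokenization issue described in the reply above, as an added example that is not part of either post: a pattern spanning the field name and its value matches the raw message but cannot match any single indexed term. The sample messages, the pattern, and the helper names are constructed for illustration, and analyze() is only a rough approximation of an analyzed text field (lowercase, split on non-word characters), not NLS or Elasticsearch code.

```python
import re

# Constructed sample messages (not real log data): one masked, one with values.
MASKED = r'"keys\":{\"onlineID\":\"*****\",\"passcode\":\"*****\"}'
LEAKED = r'"keys\":{\"onlineID\":\"jdoe42\",\"passcode\":\"hunter2\"}'

# Illustrative pattern for the raw string: field name, optional backslashes
# around the quotes, then 1-12 word characters (asterisks are not \w).
RAW_PATTERN = re.compile(r'onlineID\\?":\\?"(\w{1,12})', re.IGNORECASE)

# Terms that a correctly masked message produces after analysis.
EXPECTED_TERMS = {"keys", "onlineid", "passcode"}


def analyze(text):
    """Approximate an analyzed text field: lowercase, split on non-word chars."""
    return re.findall(r"\w+", text.lower())


def raw_match(text):
    """Match against the whole message, as a text-parsing tool would."""
    m = RAW_PATTERN.search(text)
    return m.group(1) if m else None


def term_match(pattern, text):
    """Emulate a term-level regexp query: the pattern must match one whole term."""
    rx = re.compile(pattern)
    return [t for t in analyze(text) if rx.fullmatch(t)]


def unexpected_terms(text):
    """Term-level check: any term beyond the field names means a value
    appeared where the asterisks should be."""
    return [t for t in analyze(text) if t not in EXPECTED_TERMS]


if __name__ == "__main__":
    for name, msg in (("masked", MASKED), ("leaked", LEAKED)):
        print(name, "terms:", analyze(msg))
        print(name, "raw regex:", raw_match(msg))
        print(name, "spanning regex on terms:", term_match(r"onlineid.*\w{1,12}", msg))
        print(name, "unexpected terms:", unexpected_terms(msg))
```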