Search numbers(IP's) from syslog message field

Posted: Mon May 08, 2023 5:26 am
by ToniE
Hello,

Does anybody know how to search for numbers (IPs) in the message field of the syslog logtype? We noticed that when we create a filter where the field is message and try to find numbers, nothing can be found. If the logtype is event log, then a similar filter works.

br
Toni

Re: Search numbers(IP's) from syslog message field

Posted: Tue Nov 07, 2023 10:57 am
by bbahn
Hello ToniE,

Lucene queries can be very difficult and annoying to sculpt correctly and I understand your frustration. You can use the following query to search for syslogs with an IP address:

Code:

type:syslog AND message:/(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}/
This will match IP addresses in the message section of syslog messages.
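A Python check of what that regexp selects, added here as an example and not code from the thread or from Nagios Log Server: it applies the same octet pattern to a few constructed syslog lines the way a Lucene regexp query is evaluated, anchored against each whole term rather than as a substring search, which is why a malformed address such as 256.300.1.1 is not picked up while 0.0.0.0 and 255.255.255.255 are. The whitespace-and-punctuation tokenizer is an assumed approximation of the standard analyzer, and the sample messages are constructed, not real log data.

```python
import re

# Octet alternation and dotted-quad pattern taken from the query above, unchanged.
OCTET = r"(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
IPV4 = re.compile(rf"{OCTET}(\.{OCTET}){{3}}")

# Constructed sample syslog message fields (not real log data).
SAMPLE_MESSAGES = [
    "sshd[2214]: Failed password for root from 203.0.113.45 port 51022 ssh2",
    "kernel: eth0: link up",
    "named[881]: client 198.51.100.7#53412: query refused",
    "app: request id 256.300.1.1 rejected",  # octets out of range, not a valid IPv4
    "sshd[2214]: Accepted publickey for alice from 10.0.0.5 port 40112 ssh2",
]


def tokenize(message):
    """Assumed approximation of the standard tokenizer: runs of word characters,
    keeping dots between them so '10.0.0.5' stays one term while '[', ':' and '#'
    act as separators."""
    return re.findall(r"\w+(?:\.\w+)*", message)


def find_ipv4_terms(message):
    """Terms in the message that the regexp matches in full. fullmatch mirrors
    Lucene's anchored regexp semantics: the pattern must cover the whole term,
    so '256.300.1.1' is rejected instead of partially matching '56.300.1.1'."""
    return [tok for tok in tokenize(message) if IPV4.fullmatch(tok)]


def messages_matching(messages):
    """The subset of messages the message:/.../ filter would select."""
    return [m for m in messages if find_ipv4_terms(m)]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(f"{find_ipv4_terms(m) or '-':<20} {m}")
```

Running it shows which terms the filter keys on: the SSH and named lines are selected by their source addresses, the port numbers and PIDs are ignored because they contain no dots, and the out-of-range line is not selected at all.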

Re: Search numbers(IP's) from syslog message field

Posted: Wed Dec 20, 2023 12:25 pm
by ssunga
There is a new natural language feature in Nagios Log Server that helps for circumstances like this. Head to admin --> global settings --> experimental feature and provide an OpenAI API key.