Xpack credit card alert

Hi,

How do I get an alert if credit card information is visible in logs?
I am not able to get stuff for it.

Thanks

Hey,

This is impossible to answer if you don't provide any information. Please provide (in a verbose way!) your intention, the data model you are working on, your queries to find credit card information, your watches etc. There is no possible way to guess any of these. Thank you

--Alex

Hi,

Actually, I am new to X-Pack.
I want an alert if a credit card number is visible in my log message.

My basic logic is: if there is any 16-digit number in a log message, that number might be a credit card number.

Also, maybe X-Pack provides a built-in API for detecting credit card information; check this link --> https://www.elastic.co/products/x-pack/alerting. They mention at the bottom:
"Credit card numbers are visible in your application logs"
but I am not able to find anything in the docs related to it to implement it.

My log message is like --> 10/01/2017 04:05:59 TRACE - [com.hns.iag.sm.dao.oracle.OraOrderDAO] 5423650268430311 credit card no for order id 28142272

Let me know if you can help me.

Thanks

Hey,

The listing over there is just an example of what you can do with it. If you have a log message like the above, you would need to implement a search that finds those kinds of log lines - i.e. searching for "credit card" in your logs could already reveal such log lines. But maybe you want to go a step further and actually use a regular expression search to find the concrete format that is logged - this all depends on your use case.

In order to write a watch that alerts on such things you need to

  1. Write a regular query that finds exactly what you are looking for (this is independent from alerting)
  2. Use the above query in a watch
  3. Decide what alerting should look like. Do you want to be alerted for each entry, is one alert for a group of entries sufficient, etc.

Hope this makes sense.

--Alex
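The three steps above, put together as an added example watch (written for this thread, not code from the original post or from Elastic's documentation): it assumes the log lines live in indices matching `logstash-*` with the text in a `message` field and a timestamp in `@timestamp`, and it would be saved with `PUT _xpack/watcher/watch/credit_card_in_logs`. The query is the regular search from step 1, the watch wraps it for step 2, and for step 3 it fires once per run when at least one hit is found, reporting only the count so that the card numbers themselves are not copied into the alert.

```json
{
  "trigger": {
    "schedule": { "interval": "5m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": [ "logstash-*" ],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "range": { "@timestamp": { "gte": "now-5m" } } },
                { "regexp": { "message": "[0-9]{16}" } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "throttle_period": "15m",
  "actions": {
    "log_possible_card_numbers": {
      "logging": {
        "level": "warn",
        "text": "{{ctx.payload.hits.total}} log line(s) in the last 5 minutes contain a 16-digit number; review them for card data."
      }
    }
  }
}
```

The pattern `[0-9]{16}` matches whole tokens, so it works against an analyzed `message` field where the standard analyzer emits the 16-digit run as its own token; on a `keyword` field the Lucene regexp is anchored and the pattern must be `.*[0-9]{16}.*` instead. Any 16-digit number (an order id, for example) triggers this heuristic, so expect to tune the pattern to the concrete format in your own logs.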

Thanks Alex.

Can you give a demo sample of a watch that uses a regular expression?

Thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.