This repository has been archived by the owner on Nov 8, 2023. It is now read-only.
I imported my error logs, and I can query stats:
GET http://127.0.0.1:9200/nxapi/events/_search [status:200 request:0.018s]
# example.com 52.89% (total:11775/22264)
...
# Top URI(s) :
GET http://127.0.0.1:9200/nxapi/events/_search [status:200 request:0.041s]
# /foo 22.1% (total:2602/11775)
but when I try to generate rules using nxtool.py -c nxapi.json -s example.com -f --filter 'uri /foo' --slack I get:
GET http://127.0.0.1:9200/ [status:200 request:0.006s]
# size :1000
GET http://127.0.0.1:9200/nxapi/events/_search [status:200 request:0.024s]
No hits for this filter.
Any idea what I'm doing wrong?
Ah, looks like nxtool.py doesn't like being called with a nxapi.json config file that lives outside the path from where nxtool.py is found. Steps to reproduce:
# This example assumes that naxsi has been git cloned to ~/src/naxsi and elastic search has already been
# populated from an error.log
cd ~/src/naxsi
# this will work and output rules
./nxtool.py -c nxapi.json -s example.com -f --filter 'uri /foo' --slack
# this will fail with "No hits for this filter." even though there is a ~/some/project/folder/nxapi.json
cd ~/some/project/folder
~/src/naxsi/nxtool.py -c ~/some/project/folder/nxapi.json -s example.com -f --filter 'uri /foo' --slack
# this will work, because it's pointing at the ~/src/naxsi/nxapi/nxapi.json config file and not at the one
# in ~/some/project/folder
cd ~/some/project/folder
~/src/naxsi/nxtool.py -c ~/src/naxsi/nxapi/nxapi.json -s example.com -f --filter 'uri /foo' --slack
I did a bit of print debugging - it's because you either need to have the tpl folder copied to the new location, or you need to ensure that the nxapi.json has a full path to the tpl folder. Not sure it's a bug after all - just needs to be a bit clearer about the dependence on the tpl folder.
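A pre-flight check for the situation described in the comment above, added here as an example (it is not part of the original thread or of the naxsi project): it lists every relative path setting in an nxapi.json-style config and reports whether it resolves from the working directory and from the config file's own directory. The sample config, the template_path key name and the "keys ending in _path" convention are assumptions.

```python
import json
import os
import tempfile

# Constructed sample config; the "template_path" key name is an assumption.
SAMPLE = {"naxsi": {"template_path": ["tpl/"],
                    "rules_path": "/etc/nginx/naxsi_core.rules"}}

def path_settings(node, prefix=""):
    """Yield (dotted_key, value) for strings under any key ending in '_path'."""
    if not isinstance(node, dict):
        return
    for key, value in node.items():
        dotted = f"{prefix}.{key}" if prefix else key
        if key.endswith("_path"):
            for v in value if isinstance(value, list) else [value]:
                if isinstance(v, str):
                    yield dotted, v
        else:
            yield from path_settings(value, dotted)

def audit(config_file, cwd):
    # The thread does not say which base directory nxtool.py resolves against,
    # so both the working directory and the config's directory are checked.
    config_dir = os.path.dirname(os.path.abspath(config_file))
    with open(config_file) as fh:
        config = json.load(fh)
    return [{"key": k, "value": v,
             "from_cwd": os.path.exists(os.path.join(cwd, v)),
             "beside_config": os.path.exists(os.path.join(config_dir, v))}
            for k, v in path_settings(config) if not os.path.isabs(v)]

def demo():
    """Build the two layouts from the thread in a temp dir and audit each."""
    root = tempfile.mkdtemp()
    results = {}
    for name, with_tpl in (("naxsi", True), ("project", False)):
        folder = os.path.join(root, name)
        os.makedirs(os.path.join(folder, "tpl") if with_tpl else folder)
        cfg = os.path.join(folder, "nxapi.json")
        with open(cfg, "w") as fh:
            json.dump(SAMPLE, fh)
        results[name] = audit(cfg, cwd=folder)
    return results

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A setting that shows false in both columns is the case to fix before generating rules, either by copying the folder or by writing the full path into the config.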