Yes, using the Regular Expression match type of an EventSentry event log filter you can get notified when a credit card number appears in an event log message or log file.
Credit Card numbers should never be stored in clear text in any type of log file, whether in a production or test environment. If you monitor your event logs and/or log files with EventSentry, then you can get notified when a credit number is detected and take corrective action.
Setting up an Alert
1. Create a new include event log filter in an existing or new event log package
2. Specify the recipient of the alert (action), usually an email address
3. Specify which logs you want to monitor. You can of course choose to monitor all event logs as well.
4. Add regular expressions for common credit cards (see below)
Regular Expressions
The regular expressions below work for American Express, Visa, MasterCard, Diner's Club and Discover credit cards. The regular expressions support credit numbers in the following permutations:
American Express
.*[^\d]3[47][0-9]{2}[\s-]*[0-9]{6}[\s-]*[0-9]{5}[^\d].*
Visa / MasterCard / Discover
.*[^\d][456][0-9]{3}[\s-]*[0-9]{4}[\s-]*[0-9]{4}[\s-]*[0-9]{4}[^\d].*
Diner's Club
.*[^\d]3[0-9]{3}[\s-]*[0-9]{4}[\s-]*[0-9]{4}[\s-]*[0-9]{2}[^\d].*
The regular expressions listed above been somewhat simplified, more complex and thorough credit card syntax checks are available here.
Log File Monitoring
In order to detect credit card numbers in log files, the log file filter will need to be configured to write every line from the log file to the event log, something that may not be feasible. Starting with EventSentry v3.0, log file filters support regular expressions as well, and the same regular expressions listed above can be configured in log file filters.