[filter] improve f5 filter logic (#601)

* [filter] Additional severity levels for f5 * [filter] improve f5 matching * Fix indents * Fix indents Co-authored-by: mbonsack <mbonsack@splunk.com>
CSVD · Jul 31, 2020 · 0d29de7 · 0d29de7
1 parent eafca28
commit 0d29de7
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 3 deletions.
diff --git a/package/etc/conf.d/filters/f5/bigip.conf.tmpl b/package/etc/conf.d/filters/f5/bigip.conf.tmpl
@@ -3,6 +3,7 @@ filter f_f5_bigip {
     or match('^\[F5@12276' value("SDATA"))
     or program("tmsh")
     or program("mcpd")
+    or program("mprov")
     or program("apmd")
     or program("tmm\d?")
     or program('^f5_irule=')
@@ -16,7 +17,7 @@ filter f_f5_bigip_irule {
 
 filter f_f5_bigip_message {
     message(
-        '^(?i)(<\d+> ?[[:alpha:]]+\s{1,2}\d{1,2} \d\d:\d\d:\d\d )(?:([^\/]+)(?:\/))?([^ ]+) +(?:notice|err|error|warning|info) +?(.*)'
+        '^(?i)(<\d+> ?[[:alpha:]]+\s{1,2}\d{1,2} \d\d:\d\d:\d\d )(?:([^\/ ]+)(?:\/))?([^ ]+) +(?:alert|debug|notice|err|error|warning|info|emerg) +?(.*)'
         flags(store-matches)
     );
 };

diff --git a/package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl b/package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl
@@ -24,6 +24,7 @@ log {
         filter{
             program("tmsh")
             or program("mcpd")
+            or program("mprov")
             or program("apmd")
             or program("tmm\d?")
         };

diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml
@@ -13,8 +13,7 @@ services:
     build:
       context: ../package
     hostname: sc4s
-    #When this is enabled test_common will fail
-    # command: -det
+    command: -det
     ports:
       - "514"
       - "601"