[filtermod] Resolve time issue in acs (#613)

* [filtermod] Resolve time issue in acs ACS more often than not does not send a better time than BSD time field so do not attempt to use it * Update lp-cisco_acs.conf.tmpl
CSVD · Aug 7, 2020 · 11496c0 · 11496c0
1 parent b71a27d
commit 11496c0
Showing 1 changed file with 0 additions and 18 deletions.
diff --git a/package/etc/conf.d/log_paths/lp-cisco_acs.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_acs.conf.tmpl
@@ -37,23 +37,6 @@ parser acs_grouping {
     );
 };
 
-#The syslog message includes a date with milliseconds and TZ which is not in the header
-#So must reparse the date
-
-parser acs_event_time {
-    csv-parser(
-        columns(ACS.DATE, ACS.TIME, ACS.TZ, MESSAGE)
-        delimiters(chars(" "))
-        flags(greedy)
-    );
-
-    date-parser-nofilter(
-            #YYYY- MM-DD hh:mm:ss:xxx +/-zh:zm
-            format('%Y-%m-%d %H:%M:%S.%f %z')
-            template("${ACS.DATE} ${ACS.TIME} ${ACS.TZ}")
-    );
-};
-
 log {
     junction {
 {{- if or (or (getenv  (print "SC4S_LISTEN_CISCO_ACS_TCP_PORT")) (getenv  (print "SC4S_LISTEN_CISCO_ACS_UDP_PORT"))) (getenv  (print "SC4S_LISTEN_CISCO_ACS_TLS_PORT")) }}
@@ -83,7 +66,6 @@ log {
 
     if {
         filter(f_cisco_acs_complete);
-        parser(acs_event_time);
         rewrite {
             set("cisco_acs", value("fields.sc4s_vendor_product"));
             r_set_splunk_dest_default(sourcetype("cisco:acs"))