Skip to content

Commit

Permalink
Fix 5424 preprocessor
Browse files Browse the repository at this point in the history 
* Refine 5424 preprocessor to allow all printable ASCII characters for `APPNAME`, `PROCID`, and `MSGID`.
  • Loading branch information
Mark Bonsack committed Apr 13, 2020
1 parent 09ce08a commit 2ffd322
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion package/etc/conf.d/conflib/_common/syslog_format.conf
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
filter f_rfc5424_strict{
message('^\<(?<PRI>\d+)\>(?<VERSION>\d{1,2})? (?<YEAR>\d+)-(?<MONTH>\d+)-(?<DAY>\d+)T(?<HOUR>\d+):(?<MINUTE>\d+):(?<SECOND>\d+)(?:\.(?<MILLISECONDS>\d+))?(?<OFFSET>Z|[\+-] *\d+:\d+) (?<HOSTNAME>(-)|[^ ]+) (?<APPNAME>(?:-)|\w+) (?<PROCID>(?:-)|\w+) (?<MSGID>(?:-)|\w+) *(?<STRUCDATA>(?:-)|\[.*?\]) *(?<MSG>(?:-)| .*)?$');
message('^\<(?<PRI>\d+)\>(?<VERSION>\d{1,2})? (?<YEAR>\d+)-(?<MONTH>\d+)-(?<DAY>\d+)T(?<HOUR>\d+):(?<MINUTE>\d+):(?<SECOND>\d+)(?:\.(?<MILLISECONDS>\d+))?(?<OFFSET>Z|[\+-] *\d+:\d+) (?<HOSTNAME>(-)|[^ ]+) (?<APPNAME>(?:-)|[!-~]+) (?<PROCID>(?:-)|[!-~]+) (?<MSGID>(?:-)|[!-~]+) *(?<STRUCDATA>(?:-)|\[.*?\]) *(?<MSG>(?:-)| .*)?$');
};
filter f_rfc5424_noversion{
message('^(?<SYSLOGMSG>(?<HEADER>(?<PRI><\d{1,3}>) ?(?<TIMESTAMP>(?<FULLDATE>(?<FULLDATEYEAR>\d{4})-(?<FULLDATEMONTH>\d\d)-(?<FULLDATEDAY>\d\d))T(?<FULLTIME>(?<PARTIALTIME>(?<TIMEHOUR>[0-2]\d):(?<TIMEMINUTE>[0-5]\d):(?<TIMESECOND>[0-5]\d)(?:.(?<TIMESECFRAC>\d{1,6}))?)(?<TIMEOFFSET>Z|(?<TIMENUMOFFSET>[+\-][0-2]\d:[0-5]\d))))))');
Expand Down

0 comments on commit 2ffd322

Please sign in to comment.