Update cisco_syslog.conf

CSVD · May 26, 2020 · 36de432 · 36de432
1 parent f346f9c
commit 36de432
Showing 1 changed file with 25 additions and 24 deletions.
diff --git a/package/etc/conf.d/filters/cisco/cisco_syslog.conf b/package/etc/conf.d/filters/cisco/cisco_syslog.conf
@@ -43,30 +43,7 @@ parser cisco-parser-ex{
                 );
             };
         } elif {
-            #Cisco IOS-XR devices with node-id format
-            filter {                
-                message('^<\d*>(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]): )(?:[^:]*: )((?:\w\w\w {1,2}\d{1,2} (?:\d{2,4} )?\d\d:\d\d:\d\d)(?:\.\d{3,6})): ((\%[^\: ]+)\:? ?.*)' flags(store-matches));
-            };
-
-            parser { date-parser-nofilter(format(
-                '%b %d %H:%M:%S.%f'
-                )
-                template("$4"));
-            };
-
-            rewrite {
-                set(
-                    "${2}",
-                    value("HOST")                
-
-                );            
-                set(
-                    "${5}",
-                    value("MESSAGE")                
-                );
-            };
-        } else {
-            # All other cisco syslog
+            #Cisco IOS Other
             filter {
                 message('^<\d*> ?(?:(\d+)\: )?(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]): )?(?:(\d+): )?(?:(\d\d:\d\d:\d\d|\d{1,6} \d{1,2}))?(?:(\*)?((?:\w\w\w {1,2}\d{1,2} (?:\d{2,4} )?\d\d:\d\d:\d\d)(?:\.\d{3,6})?( [AP]M)?)( [A-Za-z]{3,3} )?)? ?((?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*(?:[A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))? ?: ((\%[^\: ]+)\:? ?.*)'
                 flags(store-matches));
@@ -105,6 +82,30 @@ parser cisco-parser-ex{
                 '%b %d %Y %H:%M:%S')
                 template("$8"));
             };
+        } else {
+            #Cisco AireOS format
+            filter {                
+                message('^<\d*>(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]): )(?:[^:]*: )((?:\w\w\w {1,2}\d{1,2} (?:\d{2,4} )?\d\d:\d\d:\d\d)(?:\.\d{3,6})): ((\%[^\: ]+)\:? ?.*)' flags(store-matches));
+            };
+
+            parser { date-parser-nofilter(format(
+                '%b %d %H:%M:%S.%f'
+                )
+                template("$4"));
+            };
+
+            rewrite {
+                set(
+                    "${2}",
+                    value("HOST")                
+
+                );            
+                set(
+                    "${5}",
+                    value("MESSAGE")                
+                );
+            };            
+
         };
     };
 };