Rewrite lss for tighter filtering

* Rewrite `lp-zscaler_lss` for tighter filtering
CSVD · Apr 21, 2020 · 56aaf66 · 56aaf66
1 parent f7e143f
commit 56aaf66
Showing 1 changed file with 19 additions and 8 deletions.
diff --git a/package/etc/conf.d/log_paths/lp-zscaler_lss.conf.tmpl b/package/etc/conf.d/log_paths/lp-zscaler_lss.conf.tmpl
@@ -10,24 +10,35 @@ log {
         channel {
         # Listen on the specified dedicated port(s) for ZSCALER_LSS traffic
             source (s_ZSCALER_LSS);
+            parser {
+                #.jsonLog.Timestamp Mar 04 20:37:53 2020
+                date-parser-nofilter(
+                format('%a %b %d %H:%M:%S %Y',
+                       '%a %b %d %k:%M:%S %Y')
+                template("${.json.LogTimestamp}")
+                );
+            };
             flags (final);
 	    };
 {{- end}}
         channel {
         # Listen on the default port (typically 514) for ZSCALER_LSS traffic
             source (s_DEFAULT);
             filter(f_msg_is_tcp_json);
+            parser {
+                #.jsonLog.Timestamp Mar 04 20:37:53 2020
+                date-parser(
+                format('%a %b %d %H:%M:%S %Y',
+                       '%a %b %d %k:%M:%S %Y')
+                template("${.json.LogTimestamp}")
+                time-zone({{- getenv "SC4S_DEFAULT_TIMEZONE" "GMT"}})
+                flags(guess-timezone)
+                );
+            };
             flags(final);
         };
     };
-    parser {
-        #.jsonLog.Timestamp Mar 04 20:37:53 2020
-        date-parser-nofilter(
-        format('%a %b %d %H:%M:%S %Y',
-               '%a %b %d %k:%M:%S %Y')
-               template("${.json.LogTimestamp}")
-               );
-    };
+
     if {
         filter {
             match('.' value('.json.ClientZEN'))