CEF: Imperva WAF timestamp parsing (#624)

* CEF: Imperva WAF timestamp parsing fix
CSVD · Aug 8, 2020 · 65d0930 · 65d0930
1 parent 33892d2
commit 65d0930
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl b/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl
@@ -16,12 +16,20 @@ parser p_cef_header {
 };
 
 parser p_cef_ts_rt {
-    date-parser-nofilter(format('%s.%f','%s')
+    date-parser-nofilter(format(
+                '%s.%f',
+                '%s',
+                '%b %d %H:%M:%S',
+                '%b %d %Y %H:%M:%S')
                 template("${.cef.rt}")
     );
 };
 parser p_cef_ts_end {
-    date-parser-nofilter(format('%s.%f','%s')
+    date-parser-nofilter(format(
+                '%s.%f',
+                '%s',
+                '%b %d %H:%M:%S',
+                '%b %d %Y %H:%M:%S')
                 template("${.cef.end}")
     );
 };