[filtermod] cisco date parser issues (#611)

* [filtermod] cisco date parser issues False error reported when cisco device sends uptime device reported time errors will now use the indexed field cisco_time_error Add micro seconds format without year * Update cisco_syslog.conf Use cisco time even when wrong
CSVD · Aug 7, 2020 · 8f7fa8d · 8f7fa8d
1 parent 11496c0
commit 8f7fa8d
Showing 1 changed file with 18 additions and 11 deletions.
diff --git a/package/etc/conf.d/filters/cisco/cisco_syslog.conf b/package/etc/conf.d/filters/cisco/cisco_syslog.conf
@@ -102,17 +102,24 @@ parser cisco-parser-ex{
                 filter {
                     match('^(\*|\.)$' value("7"));
                 };
-                rewrite { set("cisco reported time error : ${8}" value("fields.sc4s_error")); };
-            } else {
-                parser { date-parser-nofilter(format(
-                    '%b %d %H:%M:%S.%f',
-                    '%b %d %H:%M:%S',
-                    '%b %d %I:%M:%S %p.%f',
-                    '%b %d %I:%M:%S %p',
-                    '%b %d %Y %H:%M:%S.%f',
-                    '%b %d %Y %H:%M:%S')
-                    template("$8"));
-                };                
+                rewrite { set("cisco reported time error : ${7}" value("fields.cisco_time_error"));
+            };
+            if {
+                if {
+                    filter {
+                        match('^\w\w\w' value("8"));
+                    };
+                    parser { date-parser-nofilter(format(
+                        '%b %d %H:%M:%S.%f',
+                        '%b %d %H:%M:%S',
+                        '%b %d %I:%M:%S %p.%f',
+                        '%b %d %I:%M:%S %p',
+                        '%b %d %Y %H:%M:%S.%f',
+                        '%b %d %H:%M:%S.%f',
+                        '%b %d %Y %H:%M:%S')
+                        template("$8"));
+                    };                
+                };
             };
         } else {
             #Cisco AireOS format