Skip to content

Commit

Permalink
second fix vmware
Browse files Browse the repository at this point in the history
  • Loading branch information
rfaircloth-splunk committed Jan 25, 2020
1 parent 07d756a commit 9bb5a0e
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion package/etc/conf.d/conflib/_common/syslog_format.conf
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
filter f_rfc5424_strict{
message('^\< *(?<PRI>\d+) *\> *(?<VERSION>\d+)? *(?<YEAR>\d+) *- *(?<MONTH>\d+) *- *(?<DAY>\d+)T(?<HOUR>\d+): *(?<MINUTE>\d+):(?<SECOND>\d+)(?:\.(?<MILLISECONDS>\d+))?(?<OFFSET>Z|(?: *)[\+-] *\d+:\d+) *(?<HOSTNAME>(-)|[^ ]+) *(?<APPNAME>(?:-)|\b\w+\b) *(?<PROCID>(?:-)|\b\w+\b) *(?<MSGID>(?:-)|\b\w+\b) *(?<STRUCDATA>(?:-)|\[.*?\]) *(?<MSG>(?:-)|\b.*)?$');
message('^\<(?<PRI>\d+)\>(?<VERSION>\d{1,2})? (?<YEAR>\d+)-(?<MONTH>\d+)-(?<DAY>\d+)T(?<HOUR>\d+):(?<MINUTE>\d+):(?<SECOND>\d+)(?:\.(?<MILLISECONDS>\d+))?(?<OFFSET>Z|[\+-] *\d+:\d+) (?<HOSTNAME>(-)|[^ ]+) (?<APPNAME>(?:-)|\b\w+\b) (?<PROCID>(?:-)|\b\w+\b) (?<MSGID>(?:-)|\b\w+\b) *(?<STRUCDATA>(?:-)|\[.*?\]) *(?<MSG>(?:-)|\b.*)?$');
};
filter f_rfc5424_noversion{
message('^(?<SYSLOGMSG>(?<HEADER>(?<PRI><\d{1,3}>) ?(?<TIMESTAMP>(?<FULLDATE>(?<FULLDATEYEAR>\d{4})-(?<FULLDATEMONTH>\d\d)-(?<FULLDATEDAY>\d\d))T(?<FULLTIME>(?<PARTIALTIME>(?<TIMEHOUR>[0-2]\d):(?<TIMEMINUTE>[0-5]\d):(?<TIMESECOND>[0-5]\d)(?:.(?<TIMESECFRAC>\d{1,6}))?)(?<TIMEOFFSET>Z|(?<TIMENUMOFFSET>[+\-][0-2]\d:[0-5]\d))))))');
Expand Down
2 changes: 1 addition & 1 deletion tests/test_vmware.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ def test_linux_vmware_nsx_ietf(record_property, setup_wordlist, setup_splunk):
host = "testvmw-{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
pid = random.randint(1000, 32000)

mt = env.from_string("{{ mark }}1 {% now 'utc', '%Y-%m-%dT%H:%M:%SZ' %} {{ host }} NSXV NSX - SYSTEM [nsx@6876 comp=\"nsx-manager\" errorCode=\"MP4039\" subcomp=\"manager\"] Connection verification failed for broker '10.160.108.196'. Marking broker unhealthy.\n")
mt = env.from_string("{{ mark }}1 {% now 'utc', '%Y-%m-%dT%H:%M:%SZ' %} {{ host }} NSX - SYSTEM [nsx@6876 comp=\"nsx-manager\" errorCode=\"MP4039\" subcomp=\"manager\"] Connection verification failed for broker '10.160.108.196'. Marking broker unhealthy.\n")
message = mt.render(mark="<144>", host=host, pid=pid)

sendsingle(message)
Expand Down

0 comments on commit 9bb5a0e

Please sign in to comment.