From 51b6e6e5cab160c2bdc2ae15cec5cf01935acc6b Mon Sep 17 00:00:00 2001 From: Mark Bonsack Date: Fri, 3 Jan 2020 18:24:47 -0800 Subject: [PATCH] Add timestamp parsing to zscaler log path * Add missing timestamp parsing to zscaler log path --- package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl index d70f139..79bcf38 100644 --- a/package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl @@ -12,6 +12,7 @@ log { source (s_ZSCALER_NSS); {{- end }} + parser { date-parser(format("%Y-%m-%d %H:%M:%S") template('$(substr "$LEGACY_MSGHDR$MSG" "0" "19")')); }; rewrite { set("zscaler_nss", value("fields.sc4s_vendor_product")); subst("^[^\t]+\t", "", value("MESSAGE"), flags("global"));