Update ios.conf

CSVD · Mar 4, 2020 · f779935 · f779935
1 parent 1e94d7f
commit f779935
Showing 1 changed file with 13 additions and 5 deletions.
diff --git a/package/etc/conf.d/filters/cisco/ios.conf b/package/etc/conf.d/filters/cisco/ios.conf
@@ -63,17 +63,25 @@ parser cisco-parser-ex{
     channel {
         filter {
             #message('^<\d*>(?:(?<ciscoseq>\d+)\: )?(?:(?<HOST>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]): )?(?:(?<ciscorule>\d+): )?(?:(?<ciscotimereliable>\*)?(?<ciscotime>(?<time>\w\w\w {1,2}\d{1,2} \d\d:\d\d:\d\d)(?<ciscofrac>\.\d{3,6})? ?(?<ciscotz>\w+)?): )?(?:(?<ciscouptime>\d\d:\d\d:\d\d|\d{1,6} \d{1,2}): )?(?<cisomsg>(?<ciscoprogram>%.{2,15}\-\d{1,3}\-[^:]{3,}): (?<ciscodescription>.*))' flags(store-matches));            
-            message('^<\d*>(?:(\d+)\: )?(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]): )?(?:(\d+): )?(?:(\*)?((\w\w\w {1,2}\d{1,2} \d\d:\d\d:\d\d)(\.\d{3,6})? ?(?<tz>\w+)?): )?(?:(\d\d:\d\d:\d\d|\d{1,6} \d{1,2}): )?(%.{2,15}\-\d{1,3}\-[^:]{3,}): (.*)' flags(store-matches));            
+            message('^<\d*>(?:(\d+)\: )?(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]): )?(?:(\d+): )?(?:(\*)?((\w\w\w {1,2}\d{1,2} \d\d:\d\d:\d\d)(\.\d{3,6})? ?(\w+)?): )?(?:(\d\d:\d\d:\d\d|\d{1,6} \d{1,2}): )?(%.{2,15}\-\d{1,3}\-[^:]{3,}): (.*)' flags(store-matches));            
         };        
         if {
+            #Mar  4 11:45:20
+            #Apr 29 13:58:46.000001
+            #Apr 29 13:58:46.411
+            #Mar  1 18:48:50.483 UTC
             parser {
-                date-parser(format('%b %d %I:%M:%S %p.%f',
-                                            '%b %d %I:%M:%S %p',
+                         date-parser(format('%b %d %I:%M:%S %p.%f',
+                                            '%b %d %I:%M:%S %p',                                            
                                             '%b %d %H:%M:%S.%f',
                                             '%b %d %H:%M:%S',
+                                            '%b %d %H:%M:%S %Z',
                                             '%b %d %Y %H:%M:%S.%f',
+                                            '%b %d %Y %H:%M:%S.%f %Z',
                                             '%b %d %Y %H:%M:%S')
-                                    template("$7"));
+                        template("$7")                        
+                        flags(guess-timezone)
+                );
             };
         };
         rewrite {
@@ -82,7 +90,7 @@ parser cisco-parser-ex{
                 value("HOST")                
                 condition(match('..' value('4')))
             );            
-            set(
+            set(        
                 "$12",
                 value("PROGRAM")                
             );