From 88eb5b1d617ad1455ae39e015ade003d7d28ae41 Mon Sep 17 00:00:00 2001
From: doug
Date: Fri, 19 Feb 2021 08:02:32 -0500
Subject: [PATCH] Update syslog ingest parser to accomodate pfSense filterlog changes #3033
---
 salt/elasticsearch/files/ingest/syslog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/elasticsearch/files/ingest/syslog b/salt/elasticsearch/files/ingest/syslog
index b08a62187..367dcebe7 100644
--- a/salt/elasticsearch/files/ingest/syslog
+++ b/salt/elasticsearch/files/ingest/syslog
@@ -17,7 +17,7 @@
 {
 "field": "message",
 "patterns": [
- "^<%{INT:syslog.priority}>%{DATA:syslog.timestamp} %{WORD:source.application}: %{GREEDYDATA:real_message}$",
+ "^<%{INT:syslog.priority}>%{DATA:syslog.timestamp} %{WORD:source.application}(\\[%{DATA:pid}\\])?: %{GREEDYDATA:real_message}$",
 "^%{SYSLOGTIMESTAMP:syslog.timestamp} %{SYSLOGHOST:syslog.host} %{SYSLOGPROG:syslog.program}: CEF:0\\|%{DATA:vendor}\\|%{DATA:product}\\|%{GREEDYDATA:message2}$"
 ],
 "ignore_failure": true
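Review bot: The new optional group `(\\[%{DATA:pid}\\])?` on the added pattern line stores the bracketed value as a top-level string field `pid`, whereas every other capture in this pattern is namespaced (`syslog.priority`, `syslog.timestamp`, `source.application`), and `DATA` accepts any non-newline text between the brackets rather than just a process id. Since this field is populated from unauthenticated syslog input, a tighter capture into the ECS name is preferable: `"^<%{INT:syslog.priority}>%{DATA:syslog.timestamp} %{WORD:source.application}(\\[%{POSINT:process.pid:int}\\])?: %{GREEDYDATA:real_message}$"`, so that a non-numeric bracketed value simply fails the optional group instead of being indexed as `pid`. If the index template already maps `pid` or `process.pid` as a numeric type, a free-form `DATA` capture could also produce mapping rejections and silently drop the event, which is worth confirming against the template. Any later processor in this pipeline that references `pid` would need the same rename; the enclosing grok processor object opens above the hunk.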