Merge pull request #1175 from splunk/fix-cisco-ftd-rfc
fix(cisco_ftd): Cisco FTD events were assigned the wrong source type
Ryan Faircloth authored May 28, 2021
2 parents b7dcb80 + 2436aed commit 455e0be
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions package/etc/conf.d/conflib/syslog/app-cisco_syslog_bsd.conf
@@ -1,16 +1,19 @@
block parser cisco_syslog_bsd-parser() {
channel {
filter {
message(
'^%(.+)-([0-7])-([^\: ]+)'
match(
'^(%(.+)-([0-7])-([^\: ]+))([: ]) ?(.*)'
flags(store-matches)
value("MESSAGE")
)
};
rewrite {
set("$1" value(".cisco.identifier"));
set("$2" value(".cisco.facility"));
set("$3" value(".cisco.severity"));
set("$4" value(".cisco.mnemonic"));
set("$5" value(".cisco.seperator"));
set("$6" value(".cisco.message"));
};
rewrite {
r_set_splunk_dest_default(
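Review bot: The facility group `(.+)` in the new `match()` pattern is greedy and unbounded, so any message body that later contains `-<0-7>-<token>` followed by `:` or a space (a URL, a username, or any other client-controlled field FTD echoes into the event) lets the engine backtrack and extend the identifier into the body, after which `.cisco.severity` and `.cisco.mnemonic` are filled from attacker-influenced text rather than from the real header. Limiting the group to non-space characters, `'^(%([^ ]+)-([0-7])-([^\: ]+))([: ]) ?(.*)'`, keeps the same six capture numbers and confines backtracking to the header; I would expect it to still accept every `%ASA`/`%FTD`-style prefix in the existing sample data, but that should be confirmed against the test fixtures. Separately, the macro `.cisco.seperator` is misspelled; if this name is introduced here and nothing downstream reads it yet, renaming it to `.cisco.separator` now avoids propagating the typo into other parsers. The `cisco_syslog_bsd-parser` block continues past the hunk, so the effect of these macros on the later `r_set_splunk_dest_default` call is not visible here.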
