From b04dcae03777c193dca50cfa0147336485fd9e23 Mon Sep 17 00:00:00 2001
From: Hailey Clark
Date: Mon, 22 Nov 2021 03:19:18 -0800
Subject: [PATCH] Fixing some regex... but I still think something is wrong with it.
---
 parsers/s01-parse/freeswitch.yaml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/parsers/s01-parse/freeswitch.yaml b/parsers/s01-parse/freeswitch.yaml
index 84fe7b5..c59a12a 100644
--- a/parsers/s01-parse/freeswitch.yaml
+++ b/parsers/s01-parse/freeswitch.yaml
@@ -4,15 +4,12 @@ name: haileyxb/freeswitch
 description: "Parse Freeswitch logs"
 filter: evt.Parsed.program == 'freeswitch'
 pattern_syntax:
- FS_TIMESTAMP: '202[1-2]-[0-1][0-9]-[0-1]\d \d\d:\d\d:\d\d.\d+'
+ FS_TIMESTAMP: '\d{4}-\d{2}-\d{2} \d\d:\d\d:\d\d.\d{6}'
 FS_EXTENSION: '\[[0-9a-zA-Z]+@[0-9a-zA-Z.]+\]'
 nodes:
 - grok:
 pattern: ^%{FS_TIMESTAMP:timestamp} \[WARNING\]sofia_reg.c:1739 SIP auth failure (REGISTER) on sofia profile 'internal' for %{FS_EXTENSION:fs_exten} from ip %{IP:source_ip}$
 apply_on: message
- - grok:
- pattern: ^%{FS_TIMESTAMP:timestamp} \[WARNING\]sofia_reg.c:2930 Can\'t find user %{FS_EXTENSION:fs_exten} from %{IP:source_ip}$
 apply_on: message
 statics:
 - meta: log_type
 value: freeswitch_failed_auth
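Review bot: The grok pattern that remains leaves `(REGISTER)` unescaped, so it is compiled as a capture group and can only match a line that has no parentheses there; if FreeSWITCH writes them literally, this node never fires and no `freeswitch_failed_auth` event is produced. The pattern is also pinned to the source line `sofia_reg.c:1739`, which is likely to drift between FreeSWITCH builds and would stop matching without any error. I would write that part as `sofia_reg\.c:\d+ SIP auth failure \(REGISTER\)` and escape the dot before the fraction in FS_TIMESTAMP, `\d\d:\d\d:\d\d\.\d{6}`. Removing the `Can't find user` node also drops visibility of registration attempts against unknown extensions, so it may be better to repair that pattern the same way and check both against sample log lines. The top of the file and anything after `statics` lie outside the hunk.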