diff --git a/includes/syslog.php b/includes/syslog.php index 79e4b5b53d..e0fae7bfc9 100644 --- a/includes/syslog.php +++ b/includes/syslog.php @@ -54,12 +54,11 @@ function process_syslog($entry, $update) { if (in_array($os, array('ios', 'iosxe', 'catos'))) { // multipart message if(strpos($entry['msg'], ':') !== false) { - /* Split the following examples - * %CARD-SEVERITY-MSG:SLOT %FACILITY-SEVERITY-MNEMONIC: Message-text - * %FACILITY-SUBFACILITY-SEVERITY-MNEMONIC: Message-text - */ $matches = array(); - if(preg_match('/^(?%?[A-Za-z\d\-_]+(:[A-Z]* %[A-Z\d\-_]+)?): ?(?.*)/', $entry['msg'], $matches)) { + $timestamp_prefix = '([A-Z][a-z]{2} \d\d? \d\d:\d\d:\d\d(.\d\d\d [A-Z]{3})?: )?'; + $program_match = '(?%?[A-Za-z\d\-_]+(:[A-Z]* %[A-Z\d\-_]+)?)'; + $message_match = '(?.*)'; + if(preg_match('/^' . $timestamp_prefix . $program_match . ': ?' . $message_match . '/', $entry['msg'], $matches)) { $entry['program'] = $matches['program']; $entry['msg'] = $matches['msg']; } diff --git a/tests/SyslogTest.php b/tests/SyslogTest.php index 122489996e..40c87e7c13 100644 --- a/tests/SyslogTest.php +++ b/tests/SyslogTest.php @@ -43,6 +43,14 @@ class SyslogTest extends \PHPUnit_Framework_TestCase "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||%FACILITY-SUBFACILITY-SEVERITY-MNEMONIC: Message-text||", array('device_id'=>1, 'program'=>'%FACILITY-SUBFACILITY-SEVERITY-MNEMONIC', 'msg'=>'Message-text') ); + $testdata[] = $this->createData( + "1.1.1.1||local7||info||info||be||2016-03-09 03:58:25||Mar 9 11:58:24.145 UTC: %SEC-6-IPACCESSLOGS: list MNGMNT denied 120.62.186.12 1 packet ||]", + array('device_id'=>1, 'program'=>'%SEC-6-IPACCESSLOGS', 'msg'=>'list MNGMNT denied 120.62.186.12 1 packet') + ); + $testdata[] = $this->createData( + "1.1.1.1||local7||info||info||be||2016-04-27 021:12:28||Apr 27 21:12:28: %SYS-5-CONFIG_I: Configured from console by vty0||", + array('device_id'=>1, 'program'=>'%SYS-5-CONFIG_I', 'msg'=>'Configured from console by vty0') + ); // ---- CatOS ---- $testdata[] = $this->createData(