syslog4j-graylog2

Fix FortiGate regex parsing fields

Open d-a-n-d-u opened this issue 2 years ago • 1 comments

Fix for Graylog2/graylog2-server#3854

Replaced existing KV_PATTERN and QUOTED_KV_PATTERN with a single regex reusing them with (?:|), it matches both quoted and unquoted fields and avoids creating erroneous fields when the log message has a URL field like url="/test?field=value".

d-a-n-d-u, Oct 12 '23 06:10

There's also an "Invalid Fortigate syslog message" exception thrown if the log message contains a new line, because of the PRI_PATTERN regex, added a fix for that also.

d-a-n-d-u, Oct 16 '23 10:10
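The two parsing problems described in the posts above, reproduced as an added example that is not code from this pull request or from syslog4j-graylog2 (it is written in Python rather than the project's Java so it can be run directly). Every pattern and the sample message are constructed stand-ins; the project's actual KV_PATTERN, QUOTED_KV_PATTERN and PRI_PATTERN are not shown on this page.

```python
import re

# Constructed FortiGate-style message; not taken from the issue.
SAMPLE = ('<189>date=2023-10-12 time=06:10:00 devname="fw 01" '
          'url="/test?field=value" action=passthrough')

# Assumed stand-ins for two independent passes over the same text.
NAIVE_KV = re.compile(r'(\w+)=([^\s"]+)')          # key=value
NAIVE_QUOTED_KV = re.compile(r'(\w+)="([^"]*)"')   # key="value"

# One pass: the quoted alternative is tried first, so text inside quotes is
# consumed as a value and never rescanned for further key=value pairs.
COMBINED_KV = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s"]*))')

# Assumed PRI header patterns. Without DOTALL, '.' stops at a newline and
# '$' cannot match mid-message, so a multi-line message is rejected.
PRI_STRICT = re.compile(r'^<(\d{1,3})>(.*)$')
PRI_DOTALL = re.compile(r'^<(\d{1,3})>(.*)$', re.DOTALL)


def split_pri(message, pattern):
    """Return (priority, body) or raise like the parser described above."""
    m = pattern.match(message)
    if m is None:
        raise ValueError("Invalid Fortigate syslog message")
    return int(m.group(1)), m.group(2)


def parse_two_pass(body):
    """Unquoted pass then quoted pass: picks up pairs inside quoted values."""
    fields = dict(NAIVE_KV.findall(body))
    fields.update(NAIVE_QUOTED_KV.findall(body))
    return fields


def parse_single_pass(body):
    """Single alternation pass: one field per top-level key."""
    fields = {}
    for m in COMBINED_KV.finditer(body):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


if __name__ == "__main__":
    _, body = split_pri(SAMPLE, PRI_DOTALL)
    print("two-pass   :", parse_two_pass(body))
    print("single-pass:", parse_single_pass(body))
```

For log pipelines the practical consequence is that a request path, which the client controls, can no longer create or shadow fields that detections and dashboards key on.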