ENH: Allow SE Linux epoch date detection

2013-09-30 20:58:24 +01:00 · 2013-09-30 20:58:24 +01:00 · a8f2448349
parent eaba732d5b
commit a8f2448349
2 changed files with 2 additions and 2 deletions
--- a/server/datetemplate.py
+++ b/server/datetemplate.py
@ -78,8 +78,7 @@ class DateEpoch(DateTemplate):
 	
 	def __init__(self):
 		DateTemplate.__init__(self)
-		# We already know the format for TAI64N
-		self.setRegex("^\d{10}(\.\d{6})?")
+		self.setRegex("(?:^|(?P<selinux>(?<=audit\()))\d{10}(?:\.\d{3,6})?(?(selinux)(?=:\d+\)))")
 	
 	def getDate(self, line):
 		date = None
--- a/testcases/datedetectortestcase.py
+++ b/testcases/datedetectortestcase.py
@ -83,6 +83,7 @@ class DateDetectorTest(unittest.TestCase):
 			"<01/23/05@21:59:59>",
 			"050123 21:59:59", # MySQL
 			"Jan-23-05 21:59:59", # ASSP like
+			"audit(1106513999.123:987)", # SELinux
 			):
 			log = sdate + "[sshd] error: PAM: Authentication failure"
 			# exclude