From c84a2e595a80390916a1981f71c775c2906b3080 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Sat, 24 Aug 2013 22:55:10 -0400 Subject: [PATCH] ENH(BF): put 'standard' template after more detailed ones with day of week and year otherwise years present in the freshly contributed by Dan apache regexes do not match although should have. I had also to adjust failing now vsftpd test --- ChangeLog | 2 ++ server/datedetector.py | 12 ++++++------ testcases/files/logs/vsftpd | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index edb300558..f06e46a9f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -57,6 +57,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests enabled jail. Closes gh-63 * is now enforced to end with an alphanumeric * filter.d/roundcube-auth.conf -- anchored version + * date matching - for standard asctime formats prefer more detailed + first (thus use year if available) Alexander Dietrich * action.d/sendmail-common.conf -- added common sendmail settings file and made the sender display name configurable diff --git a/server/datedetector.py b/server/datedetector.py index 0ed9e00af..0f0feb6db 100644 --- a/server/datedetector.py +++ b/server/datedetector.py @@ -46,12 +46,6 @@ class DateDetector: def addDefaultTemplate(self): self.__lock.acquire() try: - # standard - template = DateStrptime() - template.setName("MONTH Day Hour:Minute:Second") - template.setRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") - template.setPattern("%b %d %H:%M:%S") - self._appendTemplate(template) # asctime template = DateStrptime() template.setName("WEEKDAY MONTH Day Hour:Minute:Second Year") @@ -64,6 +58,12 @@ class DateDetector: template.setRegex("\S{3} \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") template.setPattern("%a %b %d %H:%M:%S") self._appendTemplate(template) + # standard - most loose from above 3 so by default follows after + template = DateStrptime() + template.setName("MONTH Day Hour:Minute:Second") + template.setRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") + template.setPattern("%b %d %H:%M:%S") + self._appendTemplate(template) # simple date template = DateStrptime() template.setName("Year/Month/Day Hour:Minute:Second") diff --git a/testcases/files/logs/vsftpd b/testcases/files/logs/vsftpd index f3fb997f6..ac6d04546 100644 --- a/testcases/files/logs/vsftpd +++ b/testcases/files/logs/vsftpd @@ -5,6 +5,6 @@ Oct 11 01:06:47 ServerJV vsftpd: (pam_unix) authentication failure; logname= uid Feb 6 12:02:29 server vsftpd(pam_unix)[15522]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=64.168.103.1 user=user1 #2 Internal -# failJSON: { "time": "2005-01-19T12:20:33", "match": true , "host": "64.106.46.98" } +# failJSON: { "time": "2007-01-19T12:20:33", "match": true , "host": "64.106.46.98" } Fri Jan 19 12:20:33 2007 [pid 27202] [anonymous] FAIL LOGIN: Client "64.106.46.98"