Merge pull request #373 from kwirk/selinux-epoch

ENH: Allow SE Linux epoch date detection

server/datetemplate.py

@@ -78,8 +78,7 @@ class DateEpoch(DateTemplate):
 	
 	def __init__(self):
 		DateTemplate.__init__(self)
-		# We already know the format for TAI64N
-		self.setRegex("^\d{10}(\.\d{6})?")
+		self.setRegex("(?:^|(?P<selinux>(?<=audit\()))\d{10}(?:\.\d{3,6})?(?(selinux)(?=:\d+\)))")
 	
 	def getDate(self, line):
 		date = None

testcases/datedetectortestcase.py

@@ -83,6 +83,7 @@ class DateDetectorTest(unittest.TestCase):
 			"<01/23/05@21:59:59>",
 			"050123 21:59:59", # MySQL
 			"Jan-23-05 21:59:59", # ASSP like
+			"audit(1106513999.123:987)", # SELinux
 			):
 			log = sdate + "[sshd] error: PAM: Authentication failure"
 			# exclude