From a8f2448349a6b8e0a59426257c3b76fb56f9dddc Mon Sep 17 00:00:00 2001
From: Steven Hiscocks
Date: Mon, 30 Sep 2013 20:58:24 +0100
Subject: [PATCH] ENH: Allow SE Linux epoch date detection
---
 server/datetemplate.py | 3 +--
 testcases/datedetectortestcase.py | 1 +
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/datetemplate.py b/server/datetemplate.py
index 0754391b..decaee1c 100644
--- a/server/datetemplate.py
+++ b/server/datetemplate.py
@@ -78,8 +78,7 @@ class DateEpoch(DateTemplate):
 def __init__(self):
 DateTemplate.__init__(self)
- # We already know the format for TAI64N
- self.setRegex("^\d{10}(\.\d{6})?")
+ self.setRegex("(?:^|(?P(?<=audit\()))\d{10}(?:\.\d{3,6})?(?(selinux)(?=:\d+\)))")
 def getDate(self, line):
 date = None
diff --git a/testcases/datedetectortestcase.py b/testcases/datedetectortestcase.py
index 8971ecfd..508156ff 100644
--- a/testcases/datedetectortestcase.py
+++ b/testcases/datedetectortestcase.py
@@ -83,6 +83,7 @@ class DateDetectorTest(unittest.TestCase):
 "<01/23/05@21:59:59>",
 "050123 21:59:59", # MySQL
 "Jan-23-05 21:59:59", # ASSP like
+ "audit(1106513999.123:987)", # SELinux
 ):
 log = sdate + "[sshd] error: PAM: Authentication failure"
 # exclude
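Review bot: The SELinux branch added to `setRegex` is not tied to the start of the line: the look-behind `(?<=audit\()` lets an `audit(...)`-shaped stamp anywhere in a line supply the timestamp, where the old pattern accepted an epoch only at `^`. Log lines often carry remotely supplied fields (user names, request paths), so a stamp embedded in such a field could move an event outside the time window used to count failures; whether another date template matches first is decided in code not shown in this hunk. I would state the intent above the call, e.g. `# epoch at line start, or inside SELinux "audit(<epoch>.<frac>:<serial>)" - the audit( form is not anchored to line start`, and add a test line that has a leading syslog date plus an embedded `audit(...)` to pin which date wins. The pattern should also be a raw string (`r"..."`), since `\d`, `\.` and `\(` are not valid string escapes. As shown on this page the `(?P` group carries no name, presumably lost in extraction, while `(?(selinux)...)` needs a group named `selinux`; `getDate` continues past the hunk.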
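Review bot: The new sample `"audit(1106513999.123:987)"` encodes 2005-01-23 20:59:59 UTC, one hour behind the `21:59:59` wall-clock strings listed beside it, so it can only agree with them when the test runs at UTC+1; the timezone setup and the assertion itself are outside this hunk. A comment on the entry would make that dependency visible, e.g. `# SELinux; epoch equals 21:59:59 only at UTC+1`. The hunk also adds only a positive case, so nothing here checks that a line without the trailing `:<serial>)` is rejected by the `audit(` branch.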