bitsofinfo
diff --git a/‎2010_filter_section_a_parse.conf‎
Lines changed: 2 additions & 3 deletions b/‎2010_filter_section_a_parse.conf‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎logstash_modsecurity_patterns‎
Lines changed: 0 additions & 1 deletion b/‎logstash_modsecurity_patterns‎
Lines changed: 0 additions & 1 deletion
@@ -6,9 +6,8 @@ filter {
     #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     grok {
       match => {
-        "rawSectionA" => "\[%{L1_TIMESTAMP:modsec_timestamp}\] %{DATA:uniqueId} %{IP:sourceIp} %{INT:sourcePort} %{IP:destIp} %{INT:destPort}"
+        "rawSectionA" => "\[(?<modsec_timestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} [-\+]{1,2}%{INT})\] %{DATA:uniqueId} %{IP:sourceIp} %{INT:sourcePort} %{IP:destIp} %{INT:destPort}"
       }
-      patterns_dir => "./patterns/logstash_modsecurity_patterns"
     }
   }
-}
+}
Original file line number	Diff line number	Diff line change
`@@ -6,9 +6,8 @@ filter {`
`6`	`6`	`#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
`7`	`7`	`grok {`
`8`	`8`	`match => {`
`9`		`- "rawSectionA" => "\[%{L1_TIMESTAMP:modsec_timestamp}\] %{DATA:uniqueId} %{IP:sourceIp} %{INT:sourcePort} %{IP:destIp} %{INT:destPort}"`
	`9`	`+ "rawSectionA" => "\[(?<modsec_timestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} [-\+]{1,2}%{INT})\] %{DATA:uniqueId} %{IP:sourceIp} %{INT:sourcePort} %{IP:destIp} %{INT:destPort}"`
`10`	`10`	`}`
`11`		`- patterns_dir => "./patterns/logstash_modsecurity_patterns"`
`12`	`11`	`}`
`13`	`12`	`}`
`14`		`-}`
	`13`	`+}`