Timestamp processor bug fix

David Gómez Matarrodona · David Gómez Matarrodona · commit bcdec3d2df1a · 2021-09-27T11:13:55.000+02:00
diff --git a/examples/config/test050_keyval.json b/examples/config/test050_keyval.json
@@ -0,0 +1,54 @@
+{
+	"config" : {
+		"datadir" : "/tmp/nsyslog",
+		"input" : {"buffer" : 100}
+	},
+
+	"inputs" : {
+		"lines" : {
+			"type" : "static",
+			"config" : {
+				"loop" : false,
+				"lines" : [
+					"<22>date=2021-09-23 time=15:44:16.257 device_id=FE200E3A17000421 log_id=0200015528 type=statistics pri=information  session_id=\"18NDPAO7015527-18NDPAO8015527\" client_name=\"\" client_ip=\"10.6.66.201\" client_cc=\"ZZ\" dst_ip=\"10.6.67.2\" from=\"noreply.cav@museodelprado.es\" hfrom=\"noreply.cav@museodelprado.es\" to=\"Enzo.armaroli@gmail.com\" polid=\"7:1:3:museodelprado.es\" domain=\"museodelprado.es\" mailer=\"mta\" resolved=\"FAIL\" src_type=\"int\" direction=\"out\" virus=\"\" disposition=\"Accept\" classifier=\"Not Spam\" message_length=\"1748927\" subject=\"Sus entradas para el Museo del Prado\" message_id=\"6e2e9f20c7374a8fab934dc7bbf36e23@correo01prado.museodelprado.es\" recv_time=\"\" notif_delay=\"0\" scan_time=\"0.081117\" xfer_time=\"1145.342651\" srcfolder=\"\" read_status=\"\""
+				]
+			}
+		}
+	},
+
+	"processors" : {
+		"syslog" : {
+			"type" : "syslogparser",
+			"config" : {}
+		},
+		"parser" : {
+			"type" : "keyvalparser",
+			"config" : {
+				"input" : "${syslog.message.replace(/\\s+/g,' ')}",
+				"output" : "out"
+			}
+		}
+	},
+
+	"transporters" : {
+		"console" : {
+			"type" : "console",
+			"config" : {
+				"format" : "${JSON}",
+				"input" : "${out}",
+				"json" : {
+					"format" : true,
+					"spaces" : 2,
+					"color" : true
+				}
+			}
+		},
+		"null" : {
+			"type" : "null"
+		}
+	},
+
+	"flows" : [
+		{"id":"flow1", "from":"lines", "fork":false, "processors":["syslog","parser"], "transporters":"console"}
+	]
+}
diff --git a/lib/processor/keyvalparser.js b/lib/processor/keyvalparser.js
@@ -83,8 +83,13 @@ if(module.parent) {
 else {
 	//let data = `action:"Accept"; flags:"149764"; ifdir:"inbound"; ifname:"LAN1.4"; loguid:"{0x5ee6ba3c,0x0,0xe820927f,0xc0000000}"; origin:"10.75.204.241"; time:"1592179260"; version:"1"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={7F5BAF71-1C9F-6240-8EC3-1FCB20EED4F1};mgmt=mngfw02;date=1586162511;policy_name=standard_pro\]"; dst:"10.75.8.101"; inzone:"Internal"; origin_sic_name:"CN=FW-POZOBLANCO,O=mngfw02..9xvz8g"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; rule:"77"; rule_uid:"{7D7D774C-2582-4D15-9A26-AE43D8EE3AD7}"; s_port:"63181"; service:"53"; service_id:"domain-udp"; src:"10.75.204.35";`;
 	//let data = `<189>date=2018-11-24 time=22:52:16 devname="FW-C67-1" devid="FG1K5D3I15803580" logid="0201009233" type="utm" subtype="virus" eventtype="analytics" level="information" vd="root" eventtime=1543096336 msg="File submitted to Sandbox." action="analytics" service="HTTP" sessionid=797348764 srcip=10.67.2.34 dstip=136.243.166.107 srcport=4103 dstport=80 srcintf="PRO_WEB" srcintfrole="undefined" dstintf="C67-FOM" dstintfrole="undefined" policyid=267 proto=6 direction="incoming" filename="versions.dat.gz" url="http://upgrade.bitdefender.com/lightav32_47446/versions.dat.gz" profile="VIRUS_FS" agent="downloader" analyticscksum="6307e7a99e8598412eebf0f3ba392d6df065160c0eb26a35b7d32a7c2fad9c10" analyticssubmit="true"`;
+	/*
 	let data = `id=firewall  sn=C0EAE483F254  time=\"2020-10-28 12:07:40\"  fw=213.229.174.68  pri=6 c=262144 m=98  msg=\"Connection Opened\" n=4278644  usr=\"nicola.baldinelli\" src=172.16.0.52:52923:X1  dst=172.16.1.24:53:X0  proto=udp/dns  vpnpolicy=\"WAN GroupVPN\"`;
 	data = data.replace(/\s+/g,' ');
+	*/
+
+	let data = `<22>date=2021-09-23 time=15:44:16.257 device_id=FE200E3A17000421 log_id=0200015528 type=statistics pri=information  session_id="18NDPAO7015527-18NDPAO8015527" client_name="" client_ip="10.6.66.201" client_cc="ZZ" dst_ip="10.6.67.2" from="noreply.cav@museodelprado.es" hfrom="noreply.cav@museodelprado.es" to="Enzo.armaroli@gmail.com" polid="7:1:3:museodelprado.es" domain="museodelprado.es" mailer="mta" resolved="FAIL" src_type="int" direction="out" virus="" disposition="Accept" classifier="Not Spam" message_length="1748927" subject="Sus entradas para el Museo del Prado" message_id="6e2e9f20c7374a8fab934dc7bbf36e23@correo01prado.museodelprado.es" recv_time="" notif_delay="0" scan_time="0.081117" xfer_time="1145.342651" srcfolder="" read_status=""`;
+	data = data.replace(/\s+/g,' ');
 	let keyval = new KeyValParserProcessor('test','keyval');
 	keyval.configure({},()=>{});
 	keyval.process({originalMessage:data},(err,res)=>{
diff --git a/lib/processor/timestamp.js b/lib/processor/timestamp.js
@@ -13,7 +13,7 @@ class TimestampProcessor extends Processor {
 		this.config = extend({},config);
 
 		this.input = this.config.input? jsexpr.expr(this.config.input) : null;
-		this.format = this.config.format || null;
+		this.format = this.config.format || undefined;
 		this.field = jsexpr.assign(this.config.field || this.config.output || "timestamp");
 		this.unix = this.config.unix || false;
 		callback();
