From 6e554a71539d34bce3f8b2c9f389020e4ea2e172 Mon Sep 17 00:00:00 2001
From: fgierlinger <2966031+fgierlinger@users.noreply.github.com>
Date: Thu, 6 Apr 2023 13:52:03 +0200
Subject: [PATCH] Update SYSLOG5224BASE for ECS 8.2
---
 patterns/ecs-v1/linux-syslog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/patterns/ecs-v1/linux-syslog b/patterns/ecs-v1/linux-syslog
index f118794e..7f477fd0 100644
--- a/patterns/ecs-v1/linux-syslog
+++ b/patterns/ecs-v1/linux-syslog
@@ -11,6 +11,6 @@ SYSLOGLINE %{SYSLOGBASE2} %{GREEDYDATA:message}
 # IETF 5424 syslog(8) format (see http://www.rfc-editor.org/info/rfc5424)
 SYSLOG5424PRI <%{NONNEGINT:[log][syslog][priority]:int}>
 SYSLOG5424SD \[%{DATA}\]+
-SYSLOG5424BASE %{SYSLOG5424PRI}%{NONNEGINT:[system][syslog][version]} +(?:-|%{TIMESTAMP_ISO8601:timestamp}) +(?:-|%{IPORHOST:[host][hostname]}) +(?:-|%{SYSLOG5424PRINTASCII:[process][name]}) +(?:-|%{POSINT:[process][pid]:int}) +(?:-|%{SYSLOG5424PRINTASCII:[event][code]}) +(?:-|%{SYSLOG5424SD:[system][syslog][structured_data]})?
+SYSLOG5424BASE %{SYSLOG5424PRI}%{NONNEGINT:[log][syslog][version]} +(?:-|%{TIMESTAMP_ISO8601:timestamp}) +(?:-|%{IPORHOST:[host][hostname]}) +(?:-|%{SYSLOG5424PRINTASCII:[process][name]}) +(?:-|%{POSINT:[process][pid]:int}) +(?:-|%{SYSLOG5424PRINTASCII:[event][code]}) +(?:-|%{SYSLOG5424SD:[log][syslog][structured_data]})?
 SYSLOG5424LINE %{SYSLOG5424BASE} +%{GREEDYDATA:message}
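Review bot: The new `SYSLOG5424BASE` line emits `[log][syslog][version]` and `[log][syslog][structured_data]` in place of the `[system][syslog][*]` names with no transition, so any downstream pipeline stage, index mapping, dashboard or detection rule that still queries the old fields will stop matching without raising an error. The diffstat lists only the pattern file, so specs or documentation that assert the old names appear not to be updated in this commit. The structured-data capture is still the raw bracketed string produced by `SYSLOG5424SD`; if the target mapping expects an object for `log.syslog.structured_data` (ECS appears to define it as a flattened field, worth confirming for 8.2), indexing could hit a mapping conflict. I would add a comment above the pattern such as `# RFC 5424 version and structured data are emitted under [log][syslog] (ECS log.syslog.*); formerly [system][syslog]` and call the rename out in the changelog as a breaking field change.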