From 150e4ab667b4ed598d3ae465252c9dbc057fe6b4 Mon Sep 17 00:00:00 2001
From: Eric Holt <eric.holt@bluemedora.com>
Date: Thu, 5 Nov 2020 14:23:27 -0500
Subject: [PATCH 1/2] Add support for IPv6 addresses. Fix issue with multiline
 line_start_pattern.

---
 plugins/microsoft_iis.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/microsoft_iis.yaml b/plugins/microsoft_iis.yaml
index 6cf8bb88..ef1eb429 100644
--- a/plugins/microsoft_iis.yaml
+++ b/plugins/microsoft_iis.yaml
@@ -28,7 +28,7 @@ pipeline:
     include:
       - {{ $file_path }}
     multiline:
-      line_start_pattern: \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [\d+.]+
+      line_start_pattern: '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} '
     start_at: {{ $start_at }}
     labels:
       log_type: microsoft_iis
@@ -37,7 +37,7 @@ pipeline:
 
   - id: microsoft_iis_parser
     type: regex_parser
-    regex: '^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<server_ip>[\d+.]+) (?P<request_method>[A-Z]+) (?P<uri_stem>[^ ]+) (?P<uri_query>[^ ]+) (?P<server_port>\d+) (?P<username>[^ ]+) (?P<client_ip>[\d+.]+) (?P<user_agent>[^ ]+) (?P<referer>[^ ]+) (?P<http_status>\d+) (?P<http_sub_status>\d+) (?P<win32_status>\d+) (?P<time_taken>\d+)'
+    regex: '^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<server_ip>[\d+.:]+) (?P<request_method>[A-Z]+) (?P<uri_stem>[^ ]+) (?P<uri_query>[^ ]+) (?P<server_port>\d+) (?P<username>[^ ]+) (?P<client_ip>[\d+.:]+) (?P<user_agent>[^ ]+) (?P<referer>[^ ]+) (?P<http_status>\d+) (?P<http_sub_status>\d+) (?P<win32_status>\d+) (?P<time_taken>\d+)'
     timestamp:
       parse_from: timestamp
       layout: '%Y-%m-%d %H:%M:%S'

From 0d2043b91a8cc083df77cebab3d4385add5c3572 Mon Sep 17 00:00:00 2001
From: Eric Holt <eric.holt@bluemedora.com>
Date: Thu, 5 Nov 2020 14:33:10 -0500
Subject: [PATCH 2/2] Add letter support to IPv6 support regex

---
 plugins/microsoft_iis.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/microsoft_iis.yaml b/plugins/microsoft_iis.yaml
index ef1eb429..ee59c1b8 100644
--- a/plugins/microsoft_iis.yaml
+++ b/plugins/microsoft_iis.yaml
@@ -37,7 +37,7 @@ pipeline:
 
   - id: microsoft_iis_parser
     type: regex_parser
-    regex: '^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<server_ip>[\d+.:]+) (?P<request_method>[A-Z]+) (?P<uri_stem>[^ ]+) (?P<uri_query>[^ ]+) (?P<server_port>\d+) (?P<username>[^ ]+) (?P<client_ip>[\d+.:]+) (?P<user_agent>[^ ]+) (?P<referer>[^ ]+) (?P<http_status>\d+) (?P<http_sub_status>\d+) (?P<win32_status>\d+) (?P<time_taken>\d+)'
+    regex: '^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<server_ip>[\d\w\.:]+) (?P<request_method>[A-Z]+) (?P<uri_stem>[^ ]+) (?P<uri_query>[^ ]+) (?P<server_port>\d+) (?P<username>[^ ]+) (?P<client_ip>[\d\w\.:]+) (?P<user_agent>[^ ]+) (?P<referer>[^ ]+) (?P<http_status>\d+) (?P<http_sub_status>\d+) (?P<win32_status>\d+) (?P<time_taken>\d+)'
     timestamp:
       parse_from: timestamp
       layout: '%Y-%m-%d %H:%M:%S'