new log format of proftpd

[ChristianBeer]

It seems that starting with 1.3.5 proftpd is using a new log format specificaly the date time group. This is not recognized in Phase 1 of the decoding. See sample:
version: 1.3.4

Apr 16 14:16:30 zuse proftpd[9673] zuse.domain.com (14.139.172.115[14.139.172.115]): USER sys (Login failed): Incorrect password


**Phase 1: Completed pre-decoding.
       full event: 'Apr 16 14:16:30 zuse proftpd[9673] zuse.domain.com (14.139.172.115[14.139.172.115]): USER sys (Login failed): Incorrect password'
       hostname: 'zuse'
       program_name: 'proftpd'
       log: 'zuse.domain.com (14.139.172.115[14.139.172.115]): USER sys (Login failed): Incorrect password'

version: 1.3.5

2015-04-16 21:51:02,805 zuse proftpd[26189] zuse.domain.com (182.100.67.115[182.100.67.115]): USER root (Login failed): Incorrect password


**Phase 1: Completed pre-decoding.
       full event: '2015-04-16 21:51:02,805 zuse proftpd[26189] zuse.domain.com (182.100.67.115[182.100.67.115]): USER root (Login failed): Incorrect password'
       hostname: 'zuse'
       program_name: '(null)'
       log: '2015-04-16 21:51:02,805 zuse proftpd[26189] zuse.domain.com (182.100.67.115[182.100.67.115]): USER root (Login failed): Incorrect password'

The program_name is missing so the decoder can't kick in. I have a workaround in place right now (custom decoder) but would really like to see this fixed in source code. I'm short on time right now so I leave this for someone else to work on.

See https://github.com/ossec/ossec-hids/blob/master/src/analysisd/cleanevent.c for where to add this format.