From 559b9d45345cc546600fa3c7b6a5056177ca29b4 Mon Sep 17 00:00:00 2001
From: my2ndhead
Date: Wed, 9 Dec 2015 22:23:02 +0100
Subject: [PATCH] Supports connection_host = dns. Resolves #3
---
 README | 4 ++--
 default/app.conf | 2 +-
 default/props.conf | 2 +-
 default/transforms.conf | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/README b/README
index 86ea3f5..e68d6e4 100644
--- a/README
+++ b/README
@@ -2,7 +2,7 @@
 Author: Mika Borner
- Version/Date: 2.0.3 12/09/2015
+ Version/Date: 2.0.4 12/09/2015
 Supported product(s): pfSense 2.2.x
@@ -30,7 +30,7 @@
 [udp://516]
 index = network
 sourcetype = pfsense
-
+ connection_host = dns
 ===Bugs===
diff --git a/default/app.conf b/default/app.conf
index bd0f7e6..3cb5436 100644
--- a/default/app.conf
+++ b/default/app.conf
@@ -6,7 +6,7 @@ state = enabled
 [launcher]
 author = my2ndhead
-version = 2.0.3
+version = 2.0.4
 description = Technology Add-on for pfSense
 [ui]
diff --git a/default/props.conf b/default/props.conf
index 77235de..8cdb2d5 100644
--- a/default/props.conf
+++ b/default/props.conf
@@ -1,7 +1,7 @@
 [pfsense]
 TRANSFORMS-pfsense_sourcetyper = pfsense_sourcetyper
 SHOULD_LINEMERGE = false
-SEDCMD-event_cleaner = s/^\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s+//g
+SEDCMD-event_cleaner = s/^\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+\S+\.\S+\s+//g
 [pfsense:filterlog]
 EXTRACT-ipv4_tcp = filterlog:\s(?[^,])*,(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?4),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?tcp),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^$]*)$
diff --git a/default/transforms.conf b/default/transforms.conf
index 295cca5..043a845 100644
--- a/default/transforms.conf
+++ b/default/transforms.conf
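Review bot: In default/props.conf the host token `\S+\.\S+` in the new `SEDCMD-event_cleaner` only matches a value that contains a dot, so a header carrying an unqualified hostname (for example a PTR record that returns a short name) or an IPv6 address is not stripped and stays in the indexed event. The dot looks deliberate, since it keeps the pattern from consuming a process tag such as `filterlog:` when no header was prepended, so I would keep it and document the limit above the setting: `# Removes a leading "timestamp host" header; host must contain a dot (IPv4 or FQDN), dotless names and IPv6 are left in place`. With `connection_host = dns` the host value is whatever the resolver returns, so which of these forms actually occur depends on the environment and cannot be confirmed from this hunk.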
@@ -1,5 +1,5 @@
 [pfsense_sourcetyper]
-REGEX = ^\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+(\w+)(\[\d+\])?:
+REGEX = ^(\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+\S+)?\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+(\w+)(\[\d+\])?:
 DEST_KEY = MetaData:Sourcetype
 FORMAT = sourcetype::pfsense:$1
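Review bot: The optional prefix added to `REGEX` is a capturing group, so the process name moves from `$1` to `$2` while the unchanged `FORMAT = sourcetype::pfsense:$1` still reads `$1`. As written, the sourcetype would be built from the timestamp-and-host prefix, or from an unset capture when the prefix is absent, and per-process stanzas such as `pfsense:filterlog` would stop applying to firewall events. The prefix also ends in `\S+` with no `\s+` before the second `\w{3}`, so it cannot consume a header that is separated from the original timestamp by whitespace, which is the layout the SEDCMD in props.conf assumes. Making the group non-capturing and adding the separator keeps `FORMAT` valid: `REGEX = ^(?:\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+\S+\s+)?\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+(\w+)(\[\d+\])?:`. A sample event with and without the prepended header would confirm both paths.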