Make pfsense:nginx and pfsense:nginx fields cim compliant

datapunctum · May 17, 2017 · a5f62bc · a5f62bc
1 parent e91b421
commit a5f62bc
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/default/props.conf b/default/props.conf
@@ -41,11 +41,11 @@ EVAL-app = "pfsense:openvpn"
 LOOKUP-openvpn_action = pfsense_openvpn_action vendor_action OUTPUTNEW action
 
 [pfsense:nginx]
-EXTRACT-pf_nginx = nginx: (?P<remote_addr>[^ ]+) \-(?P<remote_user>[^\s"]*) \- \[(?P<request_time>[^\]]+)[^"\n]*"(?P<request_type>\w+)\s+(?P<request_url>[^\s"]+)[^ \n]* (?P<request_version>[^"]+)[^ \n]* (?P<response_code>[^ ]+)\s+(?P<bytes_sent>\d+)[^"\n]*"(?P<referrer>[^"]+)(?:[^"\n]*"){2}(?P<useragent>[^"]+)
+EXTRACT-pf_nginx = nginx: (?P<dest>[^ ]+) \-(?P<user>[^\s"]*) \- \[(?P<request_time>[^\]]+)[^"\n]*"(?P<http_method>\w+)\s+(?P<url>[^\s"]+)[^ \n]* (?P<http_proto>[^"]+)[^ \n]* (?P<status>[^ ]+)\s+(?P<bytes_out>\d+)[^"\n]*"(?P<http_referrer>[^"]+)(?:[^"\n]*"){2}(?P<http_user_agent>[^"]+)
 EVAL-app = "pfsense:nginx"
 
 [pfsense:unbound]
-EXTRACT-queries = info: resolving (?P<dns_record>\S{2,})\s(?P<query_type>\S+)
-EXTRACT-response = info: response for (?P<dns_record>\S+)\s(?P<record_type>\S+)
-EXTRACT-reply = info: reply from\s(\S+)\s(?P<dns_server>(\d|.)+)#(?P<src_port>(\d+))
+EXTRACT-queries = info: resolving (?P<query>\S{2,})\s(?P<query_type>\S+)
+EXTRACT-response = info: response for (?P<answer>\S+)\s(?P<record_type>\S+)
+EXTRACT-reply = info: reply from\s(\S+)\s(?P<src>(\d|.)+)#(?P<src_port>(\d+))
 EVAL-app = "pfsense:unbound"