barakat-abweh / TA-pfsense

splunk addon for pfsense
Apache License 2.0

sourcetyper regex #2

Closed opoplawski closed 1 year ago

opoplawski commented 1 year ago

First off, thanks for your work here. Are you still working on it?

Why did the sourcetyper regex change to:

REGEX = \d+\s+\d+\-\d+\-\d+\S+\d+:\d+:\d+\.\d+\+\d+:\d+\s+\S+\.\S+\.\S+\s+(?P<sourcetype>\S+)\s+.*

I can't think of what type of line that would match. It certainly doesn't match the native pfsense logs of format:

Dec 16 10:07:07 hostname openvpn[85837]: user 'USER' authenticated

barakat-abweh commented 1 year ago

Till now it's the best way to re-match the source type; once a better one is found, it will be updated.

Thanks for your note
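As an added example (not part of this issue thread or of the TA-pfsense add-on), the sourcetyper regex quoted in the question is run against constructed sample lines to show what it does and does not match. The assumption here is that the pattern targets RFC 5424 style syslog (version, ISO 8601 timestamp, hostname, app-name); the sample hostnames, timestamps and the BSD-format pattern are made up for illustration.

```python
import re

# The sourcetyper regex exactly as quoted in the issue. Splunk transforms use
# unanchored PCRE; Python's re accepts this pattern unchanged.
RFC5424_REGEX = re.compile(
    r"\d+\s+\d+\-\d+\-\d+\S+\d+:\d+:\d+\.\d+\+\d+:\d+\s+\S+\.\S+\.\S+\s+(?P<sourcetype>\S+)\s+.*"
)

# Hypothetical pattern for the classic BSD syslog format shown in the issue
# (MMM DD HH:MM:SS host program[pid]: ...); not the add-on's own regex.
BSD_REGEX = re.compile(
    r"^\w{3}\s+\d+\s+\d+:\d+:\d+\s+\S+\s+(?P<sourcetype>[^\[:\s]+)"
)

def rfc5424_sourcetype(line: str):
    """Token captured as 'sourcetype' by the issue's regex, or None if no match."""
    m = RFC5424_REGEX.search(line)
    return m.group("sourcetype") if m else None

def bsd_sourcetype(line: str):
    """Program name captured from a BSD-format line, or None if no match."""
    m = BSD_REGEX.search(line)
    return m.group("sourcetype") if m else None

# Constructed sample lines (hosts, timestamps and PIDs are made up).
SAMPLES = {
    # RFC 5424 shape with the <PRI> already stripped: VERSION TIMESTAMP HOST APP-NAME ...
    "rfc5424_fqdn": "1 2023-12-16T10:07:07.123456+00:00 pfsense.example.com openvpn 85837 - - user 'USER' authenticated",
    # Same shape, but a negative UTC offset: the regex only allows '+' before the offset.
    "rfc5424_negative_offset": "1 2023-12-16T10:07:07.123456-05:00 pfsense.example.com openvpn 85837 - - user 'USER' authenticated",
    # Same shape, but a bare hostname: the regex requires at least two dots in the host.
    "rfc5424_short_host": "1 2023-12-16T10:07:07.123456+00:00 pfsense openvpn 85837 - - user 'USER' authenticated",
    # The BSD-format line from the issue.
    "bsd": "Dec 16 10:07:07 hostname openvpn[85837]: user 'USER' authenticated",
}

def classify_samples():
    """Map each sample name to (rfc5424 result, bsd result) for side-by-side review."""
    return {name: (rfc5424_sourcetype(line), bsd_sourcetype(line))
            for name, line in SAMPLES.items()}

if __name__ == "__main__":
    for name, (rfc, bsd) in classify_samples().items():
        print(f"{name:24s} rfc5424={rfc!r:12} bsd={bsd!r}")
```

Only the FQDN line with a positive UTC offset yields a sourcetype from the issue's regex; the negative-offset, short-hostname and BSD lines all fall through, which is the behaviour a practitioner should verify against their own pfSense log format before relying on the transform.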