From b12ac0e65deb4fc45d22e6fc572273293c5732b0 Mon Sep 17 00:00:00 2001
From: Jochen Schalanda
Date: Wed, 15 Nov 2017 14:54:48 +0100
Subject: [PATCH] Upgrade to CEF parser 0.0.1.10 (#24)

OSSEC is using a "degraded" syslog format without hostname field.

Fixes #23
---
 pom.xml | 2 +-
 .../fixtures/issue_23_comment_343792271.json | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 src/test/resources/fixtures/issue_23_comment_343792271.json

diff --git a/pom.xml b/pom.xml
index b508dee9655e..8550a1645539 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,7 +49,7 @@
 org.graylog.cef cef-parser
- 0.0.1.9
+ 0.0.1.10
 org.graylog2
diff --git a/src/test/resources/fixtures/issue_23_comment_343792271.json b/src/test/resources/fixtures/issue_23_comment_343792271.json
new file mode 100644
index 000000000000..551847b387e2
--- /dev/null
+++ b/src/test/resources/fixtures/issue_23_comment_343792271.json
@@ -0,0 +1,20 @@
+{
+ "testString": "<132>Nov 13 13:17:41 CEF:0|Trend Micro Inc.|OSSEC HIDS|v2.9.2|1002|Unknown problem somewhere in the system.|2|dvc=log cs1=(proxy) any->/var/log/syslog cs1Label=Location classification= syslog,errors, msg=Nov 13 13:17:39 proxy tinyproxy[26954]: readbuff: recv() error \"Connection reset by peer\" on file descriptor 6",
+ "description": "https://github.com/Graylog2/graylog-plugin-cef/issues/23#issuecomment-343792271",
+ "remoteAddress": "127.0.0.1",
+ "expectedSource": "log",
+ "cefVersion": 0,
+ "deviceVendor": "Trend Micro Inc.",
+ "deviceProduct": "OSSEC HIDS",
+ "deviceVersion": "v2.9.2",
+ "deviceEventClassId": "1002",
+ "name": "Unknown problem somewhere in the system.",
+ "severity": "2",
+ "extensions": {
+ "level": 4,
+ "facility": "local0",
+ "Location": "(proxy) any->/var/log/syslog",
+ "classification": "syslog,errors,",
+ "msg": "Nov 13 13:17:39 proxy tinyproxy[26954]: readbuff: recv() error \"Connection reset by peer\" on file descriptor 6"
+ }
+}
\ No newline at end of file
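Review bot: The fixture pins the CEF header fields, the extensions and `expectedSource`, but not the syslog timestamp, even though the hostname-less header (`<132>Nov 13 13:17:41 CEF:0|...`) is exactly the part the 0.0.1.10 parser handles differently; if the fixture format supports an expected timestamp, adding one for `Nov 13 13:17:41` would catch a regression in which the date is consumed as the hostname. As written, the fixture does show that the source falls back to the `dvc` extension (`"expectedSource": "log"`) rather than `remoteAddress` when the header carries no hostname, which is worth a one-line `description` mention since that choice affects how events from this source are attributed. The `Location` key is derived from the producer-supplied `cs1Label`, so a companion fixture whose label collides with one of the parser's fixed field names would document how the conflict is resolved for consumers building detections on these fields. The file also lacks a trailing newline.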