From 287fe92c51e56021f4b9ce536cbfe6d492a95178 Mon Sep 17 00:00:00 2001
From: Jan Doberstein
Date: Tue, 26 Mar 2013 14:33:31 +0100
Subject: [PATCH] Update syslog.conf
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

make the : optional after pid.  this make the configuration compatibel with nxlog windows shipping
---
 recipes/syslog-pri/syslog.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes/syslog-pri/syslog.conf b/recipes/syslog-pri/syslog.conf
index 315a251..bc2e9f0 100644
--- a/recipes/syslog-pri/syslog.conf
+++ b/recipes/syslog-pri/syslog.conf
@@ -12,7 +12,7 @@ input {
 filter {
 grok {
 type => "syslog"
- pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]
+ pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?(:)? %{GREEDYDATA:syslog_message}" ]
 add_field => [ "received_at", "%{@timestamp}" ]
 add_field => [ "received_from", "%{@source_host}" ]
 }
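Review bot: Making the colon optional with `(:)?` on the changed `pattern` line leaves a single space as the only terminator for the lazy `%{DATA:syslog_program}`. A line whose tag contains a space, or that has no tag at all, now matches with the first word of the text captured as `syslog_program` instead of failing the grok. Anything downstream that routes or alerts on `syslog_program` or `syslog_pid` may then see sender-chosen text in those fields, and malformed input is less likely to surface as a parse failure. Consider keeping the strict pattern as the first entry of the `pattern` array and adding the nxlog form as a second entry; the optional colon itself needs no capture group and can be written `:?`. The enclosing `filter` block continues past the end of the hunk.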