From 47acc2684ce62886d13239448ad680bf29933401 Mon Sep 17 00:00:00 2001
From: Asif Bacchus <asif@programming.bacchus.network>
Date: Wed, 26 Sep 2018 22:54:14 -0600
Subject: [PATCH] Updated Logwatch 'SearchDate' custom script.  Renamed it.
 Updated notes in LogFile config.

---
 etc/logwatch/conf/logfiles/cfddns.conf                   | 6 ++++--
 .../scripts/shared/{fulldatetime => sqfullstampanywhere} | 9 ++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)
 rename etc/logwatch/scripts/shared/{fulldatetime => sqfullstampanywhere} (71%)

diff --git a/etc/logwatch/conf/logfiles/cfddns.conf b/etc/logwatch/conf/logfiles/cfddns.conf
index ecc6bc9..a36f810 100644
--- a/etc/logwatch/conf/logfiles/cfddns.conf
+++ b/etc/logwatch/conf/logfiles/cfddns.conf
@@ -4,6 +4,8 @@ LogFile = /path/to/your/cfddns.log
 # extension preservation
 Archive = /path/to/your/logfile.ext.?.gz
 # Apply the correct date/time filtering to match the format of the script's log
+# We are using a custom pl script in /etc/logwatch/scripts/shared/
 # You don't need to change this unless you have altered the 'stamp' variable in
-# the script
-*applystddate = "%Y-%m-%d %H:%M:%S"
\ No newline at end of file
+# the script in which case you will want to update the regex in the custom pl
+# script below
+*sqFullStampAnywhere
\ No newline at end of file
diff --git a/etc/logwatch/scripts/shared/fulldatetime b/etc/logwatch/scripts/shared/sqfullstampanywhere
similarity index 71%
rename from etc/logwatch/scripts/shared/fulldatetime
rename to etc/logwatch/scripts/shared/sqfullstampanywhere
index 304d17a..b123036 100644
--- a/etc/logwatch/scripts/shared/fulldatetime
+++ b/etc/logwatch/scripts/shared/sqfullstampanywhere
@@ -5,14 +5,16 @@
 ##########################################################################
 
 ###############################################################################
-## Filter dates in full-date-time international format
-## Format: '%Y-%m-%d %H:%M:%S'
+## Filter dates in full-date-time international format, surrounded by square
+## brackets located anywhere on a given line
+## Format: '[%Y-%m-%d %H:%M:%S]'
 ###############################################################################
 
 use Logwatch ':dates';
 
 my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
 
+### Specify the format of the date/time stamp itself
 $SearchDate = TimeFilter('%Y-%m-%d %H:%M:%S');
 
 if ( $Debug > 5 ) {
@@ -21,7 +23,8 @@ if ( $Debug > 5 ) {
 }
 
 while (defined($ThisLine = <STDIN>)) {
-   if ($ThisLine =~ m/^$SearchDate /o) {
+   ### specify the regex that defines how to find 'SearchDate'
+   if ($ThisLine =~ m/\[$SearchDate\] /o) {
       print $ThisLine;
    }
 }