fix bash history pattern

wpoely86 · wpoely86 · commit 8553d0de9bfe · 2024-12-09T18:48:40.000+01:00
diff --git a/files/bash b/files/bash
@@ -1 +1 @@
-BASH_MSG HISTORY: PID=%{INT:pid:int} UID=%{INT:uid:int} %{GREEDYDATA:command}
+BASH_MSG HISTORY: PID=%{INT:bash_pid} UID=%{INT:uid} %{GREEDYDATA:command}
diff --git a/tests/data/bash b/tests/data/bash
@@ -6,8 +6,19 @@ data = [
         "@source_host": "master01",
         "program": "-bash",
         "uid": 0,
-        "pid": 23883,
+        "bash_pid": 23883,
         "command": "echo boem",
     }
 },
+{
+    "raw": "<14>1 2024-12-09T11:18:16.406259+01:00 storctrl02 -bash[1102070]: - -bash:  HISTORY: PID=1102070 UID=4005 sudo cat /etc/cron.d/aad-*",
+    "expected": {
+        "@source_host": "storctrl02",
+        "program": "-bash",
+        "uid": 4005,
+        "pid": 1102070,
+        "bash_pid": 1102070,
+        "command": "sudo cat /etc/cron.d/aad-*",
+    }
+},
 ]

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-BASH_MSG HISTORY: PID=%{INT:pid:int} UID=%{INT:uid:int} %{GREEDYDATA:command}`
	`1`	`+BASH_MSG HISTORY: PID=%{INT:bash_pid} UID=%{INT:uid} %{GREEDYDATA:command}`