From 0b3f8ed849cdf9971224c49a3958f0904a2bbbb5 Mon Sep 17 00:00:00 2001
From: Toni
Date: Sun, 5 Jun 2022 23:01:56 +0200
Subject: Fixed syslog false negatives. (#1582) - RSH vs Syslog may still happen for midstream traffic
Signed-off-by: lns
---
 src/lib/protocols/syslog.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/lib/protocols/syslog.c')
diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c
index 866e0a0c0..1b072de07 100644
--- a/src/lib/protocols/syslog.c
+++ b/src/lib/protocols/syslog.c
@@ -73,7 +73,8 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct
 if (ndpi_isalnum(packet->payload[i]) == 0)
 {
 if (packet->payload[i] == ' ' || packet->payload[i] == ':' ||
- packet->payload[i] == '=')
+ packet->payload[i] == '=' || packet->payload[i] == '[' ||
+ packet->payload[i] == '-')
 {
 break;
 }
-- 
cgit v1.2.3
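Review bot: The two delimiters added to the break condition (`'['` and `'-'`) widen what the tag scan accepts, and nothing in the hunk records which syslog message shapes they are meant to cover, so a later reader cannot tell an intended match from an accidental one. A comment above the condition would help, for example `/* tag terminators: ' ' ':' '=' plus '[' (presumably "tag[pid]:") and '-' (presumably hyphenated tags); confirm */`. The commit message itself notes that RSH and syslog can still be confused on midstream traffic, and the diffstat shows only syslog.c changed, so a regression capture for the newly matched messages plus one for the RSH case would keep this loosening from silently raising false positives in classification-based policy or alerting. The enclosing loop and whatever validates the bytes after the break lie outside the hunk, so that part could not be checked here.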