reyjrar · reyjrar · Nov 28, 2024 · Nov 28, 2024
diff --git a/t/bin/create_test_entry.pl b/t/bin/create_test_entry.pl
@@ -38,51 +38,58 @@
 # this avoids HTTP::Date weirdnes with dates "in the future"
 Test::MockTime::set_fixed_time("2018-12-01T00:00:00Z");
 
-my %Options = ();
-if ( $opt->options ) {
-    %Options = %{ $opt->options };
-    foreach my $k ( sort keys %Options ) {
-        no strict 'refs';
-        verbose({color=>'yellow'}, "Setting Parse::Syslog::Line::$k = $Options{$k}");
-        ${"Parse::Syslog::Line::$k"} = $Options{$k};
-    }
-}
-
 if( $opt->regenerate ) {
+    die "Can't use --options with --regenerate!" if $opt->options;
     $dataDir->visit(sub {
         my ($p) = @_;
         # Only read YAML Data
         return unless $p->is_file and $p->stringify =~ /\.yaml/;
         # Reading is fatal if it fails, that's cool
         my $contents = YAML::LoadFile( $p->stringify );
-        # Generate the Test Case
-        generate_test_data( $contents );
+        # Generate the Test Case in a child to isolate test options
+        if ( my $pid = fork() ) {
+            while( wait() != -1 ) {}
+        }
+        else {
+            generate_test_data( $contents, id => $p->basename('.yaml') );
+            exit 0;
+        }
     });
 }
 else {
     output({color=>'magenta'}, "Please enter log entries newline delimited:");
     while(my $msg = <<>>) {
         chomp($msg);
-        generate_test_data({ string => $msg });
+        generate_test_data({ string => $msg }, options => $opt->options);
     }
 }
 
 sub generate_test_data {
-    my ($entry) = @_;
+    my ($entry,%args) = @_;
 
     die "Missing 'string' element in the test case"
         unless $entry->{string};
 
-    my $id_str = $entry->{string};
-    $id_str   .= YAML::Dump( \%Options ) if $opt->options;
-    my $id = md5_hex($id_str);
+    # Handle options
+    $entry->{options}  = $args{options} if $args{options};
+    if ( $entry->{options} ) {
+        foreach my $k ( keys %{ $entry->{options} } ) {
+            no strict 'refs';
+            ${"Parse::Syslog::Line::$k"} = $entry->{options}{$k};
+        }
+    }
 
-    $entry->{options}  = \%Options if $opt->options;
+    # Generate the data
     $entry->{expected} = parse_syslog_line($entry->{string});
 
+    # Generate a Test ID
+    my $id_str = $entry->{string};
+    $id_str .= YAML::Dump( $entry->{options} ) if $entry->{options};
+    my $id = $args{id} || md5_hex($id_str);
+
     output({clear => 1, color=>'cyan'}, $entry->{string});
     output({indent => 1}, split /\r?\n/, YAML::Dump($entry->{expected}));
-    next unless $opt->noconfirm or confirm("Does this look correct?");
+    return unless $opt->noconfirm or confirm("Does this look correct?");
     $entry->{name} ||= prompt("What name would you give this test? ", default => $id);
 
     my $file = $dataDir->child("${id}.yaml");

diff --git a/t/data/064eaadcacdcfe59b91cf280f1a25bc9.yaml b/t/data/064eaadcacdcfe59b91cf280f1a25bc9.yaml
@@ -2,9 +2,9 @@
 expected:
   content: 'FCP Target 0c: Target was Reset by the Initiator at Port Id: 0x11000 (WWPN 5001438021e071ec)'
   date: 2018-01-01
+  datetime_local: 2018-01-01T11:28:13Z
   datetime_raw: Jan 1 11:28:13
   datetime_str: 2018-01-01T11:28:13Z
-  datetime_local: 2018-01-01T11:28:13Z
   datetime_utc: 2018-01-01T11:28:13Z
   domain: example.com
   epoch: 1514806093
@@ -14,7 +14,6 @@ expected:
   host_raw: filer-201.example.com
   message: '[filer-201: scsitarget.ispfct.targetReset:notice]: FCP Target 0c: Target was Reset by the Initiator at Port Id: 0x11000 (WWPN 5001438021e071ec)'
   message_raw: '<134>Jan 1 11:28:13 filer-201.example.com [filer-201: scsitarget.ispfct.targetReset:notice]: FCP Target 0c: Target was Reset by the Initiator at Port Id: 0x11000 (WWPN 5001438021e071ec)'
-  tz: Z
   preamble: 134
   priority: info
   priority_int: 6
@@ -23,5 +22,6 @@ expected:
   program_raw: '[filer-201: scsitarget.ispfct.targetReset:notice]'
   program_sub: ~
   time: 11:28:13
+  tz: Z
 name: NetApp Filer Logs
 string: '<134>Jan 1 11:28:13 filer-201.example.com [filer-201: scsitarget.ispfct.targetReset:notice]: FCP Target 0c: Target was Reset by the Initiator at Port Id: 0x11000 (WWPN 5001438021e071ec)'
diff --git a/t/data/0cf67252f51bc98c6302cf2d11832db2.yaml b/t/data/0cf67252f51bc98c6302cf2d11832db2.yaml
@@ -15,7 +15,6 @@ expected:
   message: '%LINK-3-UPDOWN: Interface BRI0:1, changed state to down'
   message_raw: '<187>Jan 1 14:58:58 fqdn.tld 6951: .Jan 1 14:58:57: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down'
   ntp: out of sync
-  tz: Z
   preamble: 187
   priority: err
   priority_int: 3
@@ -24,5 +23,6 @@ expected:
   program_raw: '%LINK-3-UPDOWN'
   program_sub: ~
   time: 14:58:58
+  tz: Z
 name: Cisco NTP No Sync
 string: '<187>Jan 1 14:58:58 fqdn.tld 6951: .Jan 1 14:58:57: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down'
diff --git a/t/data/0e03a69469bdfe47db4dff53681ae434.yaml b/t/data/0e03a69469bdfe47db4dff53681ae434.yaml
@@ -2,9 +2,9 @@
 expected:
   content: Interface Ethernet121/1/1 is down(Config change)
   date: 2018-01-01
+  datetime_local: 2018-01-01T09:09:36Z
   datetime_raw: 2018-01-01T11:09:36+02:00
   datetime_str: 2018-01-01T11:09:36+0200
-  datetime_local: 2018-01-01T09:09:36Z
   datetime_utc: 2018-01-01T09:09:36Z
   domain: company.tld
   epoch: 1514797776
@@ -15,7 +15,6 @@ expected:
   message: '%ETHPORT-5-IF_DOWN_CFG_CHANGE: Interface Ethernet121/1/1 is down(Config change)'
   message_raw: '2018-01-01T11:09:36+02:00 hostname.company.tld : 2018 Jan  1 11:09:36.290 CET: %ETHPORT-5-IF_DOWN_CFG_CHANGE: Interface Ethernet121/1/1 is down(Config change)'
   ntp: ok
-  tz: +0200
   preamble: ~
   priority: ~
   priority_int: ~
@@ -24,5 +23,6 @@ expected:
   program_raw: '%ETHPORT-5-IF_DOWN_CFG_CHANGE'
   program_sub: ~
   time: 11:09:36
+  tz: +0200
 name: Cisco NX-OS
 string: '2018-01-01T11:09:36+02:00 hostname.company.tld : 2018 Jan  1 11:09:36.290 CET: %ETHPORT-5-IF_DOWN_CFG_CHANGE: Interface Ethernet121/1/1 is down(Config change)'
diff --git a/t/data/21a3db207b78320769f2cb316dd03f60.yaml b/t/data/21a3db207b78320769f2cb316dd03f60.yaml
@@ -15,7 +15,6 @@ expected:
   message: '%C4K_EBM-4-HOSTFLAPPING: Host 00:1B:21:4B:7B:5D in vlan 1 is flapping between port Gi6/37 and port Gi6/38'
   message_raw: '<188>Jan 1 00:10:02 10.43.0.10 1813056: Jan 1 00:15:02: %C4K_EBM-4-HOSTFLAPPING: Host 00:1B:21:4B:7B:5D in vlan 1 is flapping between port Gi6/37 and port Gi6/38'
   ntp: ok
-  tz: Z
   preamble: 188
   priority: warn
   priority_int: 4
@@ -24,5 +23,6 @@ expected:
   program_raw: '%C4K_EBM-4-HOSTFLAPPING'
   program_sub: ~
   time: 00:10:02
+  tz: Z
 name: Cisco Catalyst
 string: '<188>Jan 1 00:10:02 10.43.0.10 1813056: Jan 1 00:15:02: %C4K_EBM-4-HOSTFLAPPING: Host 00:1B:21:4B:7B:5D in vlan 1 is flapping between port Gi6/37 and port Gi6/38'
diff --git a/t/data/3a7ef75494efe41176b9d57a06517a54.yaml b/t/data/3a7ef75494efe41176b9d57a06517a54.yaml
@@ -4,9 +4,9 @@ expected:
     lunchTime: 1443612366.442
   content: '{"lunchTime":1443612366.442}'
   date: 2015-09-30
-  datetime_str: 2015-09-30T06:26:06.779373-0500
-  datetime_raw: 2015-09-30T06:26:06.779373-05:00
   datetime_local: 2015-09-30T11:26:06.779373Z
+  datetime_raw: 2015-09-30T06:26:06.779373-05:00
+  datetime_str: 2015-09-30T06:26:06.779373-0500
   datetime_utc: 2015-09-30T11:26:06.779373Z
   domain: ~
   epoch: 1443612366.779373
@@ -16,7 +16,6 @@ expected:
   host_raw: my-host
   message: 'my-script.pl: {"lunchTime":1443612366.442}'
   message_raw: '2015-09-30T06:26:06.779373-05:00 my-host my-script.pl: {"lunchTime":1443612366.442}'
-  tz: -0500
   preamble: ~
   priority: ~
   priority_int: ~
@@ -25,6 +24,7 @@ expected:
   program_raw: my-script.pl
   program_sub: ~
   time: 06:26:06.779373
+  tz: -0500
 name: AutoDetectJSON
 options:
   AutoDetectJSON: 1

diff --git a/t/data/3ca7dfaa06c1fd7138e9d7fd75ca49e7.yaml b/t/data/3ca7dfaa06c1fd7138e9d7fd75ca49e7.yaml
@@ -14,7 +14,6 @@ expected:
   host_raw: 11.22.33.44
   message: 'dhcpd: DHCPINFORM from 172.16.2.137 via vlan3'
   message_raw: 'Jan  1 00:00:00 11.22.33.44 dhcpd: DHCPINFORM from 172.16.2.137 via vlan3'
-  tz: Z
   preamble: ~
   priority: ~
   priority_int: ~
@@ -23,5 +22,6 @@ expected:
   program_raw: dhcpd
   program_sub: ~
   time: 00:00:00
+  tz: Z
 name: 'IP without Hostname, no preamble'
 string: 'Jan  1 00:00:00 11.22.33.44 dhcpd: DHCPINFORM from 172.16.2.137 via vlan3'
diff --git a/t/data/3e119d58d6ea3cf34beabad4f28999f8.yaml b/t/data/3e119d58d6ea3cf34beabad4f28999f8.yaml
@@ -30,7 +30,6 @@ expected:
   host_raw: alma9
   message: 'podman[1286826]: 2024-09-15 00:00:05.516700379 -0700 PDT m=+0.050887542 container health_status c12740d991d21bbea2989adffbbecf471eb28bd2d416587eff9c4b94e43fdb92 (image=docker.io/plexinc/pms-docker:latest, name=plex, health_status=healthy, org.opencontainers.image.created=2024-09-11T16:25:53.185Z, org.opencontainers.image.ref.name=ubuntu, org.opencontainers.image.revision=c8e17655441744e88dd3b45f96f824052fda79a3, org.opencontainers.image.title=Plex Media Server, org.opencontainers.image.vendor=Plex, GmbH, org.opencontainers.image.licenses=NOASSERTION, org.opencontainers.image.url=https://github.com/plexinc/plex-media-server, org.opencontainers.image.version=1.41.0.8992-8463ad060, org.opencontainers.image.description="The Plex Media Server", puppet_resource_flags=eyJuZXR3b3JrIj0+Imhvc3QiLCAidm9sdW1lIj0+WyJwbGV4bWVkaWE6L21lZGlhIiwgInBsZXh0cmFuc2NvZGU6L3RyYW5zY29kZSIsICIvaG9tZS9jb250YWluZXJzL3BsZXg6L2NvbmZpZyIsICIvbWVkaWEvbW92aWVzOi9tZWRpYS9tb3ZpZXMiLCAiL21lZGlhL211c2ljOi9tZWRpYS9tdXNpYyIsICIvbWVkaWEvdHY6L21lZGlhL3R2Il0sICJkZXZpY2UiPT5bIi9kZXYvZHJpOi9kZXYvZHJpIl19, org.opencontainers.image.source=https://github.com/plexinc/pms-docker)'
   message_raw: 'Sep 15 00:00:05 alma9 podman[1286826]: 2024-09-15 00:00:05.516700379 -0700 PDT m=+0.050887542 container health_status c12740d991d21bbea2989adffbbecf471eb28bd2d416587eff9c4b94e43fdb92 (image=docker.io/plexinc/pms-docker:latest, name=plex, health_status=healthy, org.opencontainers.image.created=2024-09-11T16:25:53.185Z, org.opencontainers.image.ref.name=ubuntu, org.opencontainers.image.revision=c8e17655441744e88dd3b45f96f824052fda79a3, org.opencontainers.image.title=Plex Media Server, org.opencontainers.image.vendor=Plex, GmbH, org.opencontainers.image.licenses=NOASSERTION, org.opencontainers.image.url=https://github.com/plexinc/plex-media-server, org.opencontainers.image.version=1.41.0.8992-8463ad060, org.opencontainers.image.description="The Plex Media Server", puppet_resource_flags=eyJuZXR3b3JrIj0+Imhvc3QiLCAidm9sdW1lIj0+WyJwbGV4bWVkaWE6L21lZGlhIiwgInBsZXh0cmFuc2NvZGU6L3RyYW5zY29kZSIsICIvaG9tZS9jb250YWluZXJzL3BsZXg6L2NvbmZpZyIsICIvbWVkaWEvbW92aWVzOi9tZWRpYS9tb3ZpZXMiLCAiL21lZGlhL211c2ljOi9tZWRpYS9tdXNpYyIsICIvbWVkaWEvdHY6L21lZGlhL3R2Il0sICJkZXZpY2UiPT5bIi9kZXYvZHJpOi9kZXYvZHJpIl19, org.opencontainers.image.source=https://github.com/plexinc/pms-docker)'
-  tz: Z
   preamble: ~
   priority: ~
   priority_int: ~
@@ -39,6 +38,7 @@ expected:
   program_raw: 'podman[1286826]'
   program_sub: ~
   time: 00:00:05
+  tz: Z
 name: Podman health status messages
 options:
   AutoDetectKeyValues: 1

diff --git a/t/data/40688f8e14cf650c369aec8a86e43e96.yaml b/t/data/40688f8e14cf650c369aec8a86e43e96.yaml
@@ -1,3 +1,4 @@
+---
 expected:
   content: '[1:1893:4] SNMP missing community string attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 1.2.3.4:23210 -> 5.6.7.8:161'
   date: 2018-01-01
@@ -13,7 +14,6 @@ expected:
   host_raw: mainfw
   message: 'snort[32640]: [1:1893:4] SNMP missing community string attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 1.2.3.4:23210 -> 5.6.7.8:161'
   message_raw: '<11>Jan  1 00:00:00 mainfw snort[32640]: [1:1893:4] SNMP missing community string attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 1.2.3.4:23210 -> 5.6.7.8:161'
-  tz: Z
   preamble: 11
   priority: err
   priority_int: 3
@@ -22,5 +22,6 @@ expected:
   program_raw: 'snort[32640]'
   program_sub: ~
   time: 00:00:00
+  tz: Z
 name: Snort Message Parse
 string: '<11>Jan  1 00:00:00 mainfw snort[32640]: [1:1893:4] SNMP missing community string attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 1.2.3.4:23210 -> 5.6.7.8:161'
diff --git a/t/data/4209c3f669b2a1ae81a0db4e8f4c5dd5.yaml b/t/data/4209c3f669b2a1ae81a0db4e8f4c5dd5.yaml
@@ -14,7 +14,6 @@ expected:
   host_raw: ~
   message: '/usr/sbin/cron[73991]: (root) CMD (/usr/libexec/atrun)'
   message_raw: '<78>Jan  1 08:15:00 /usr/sbin/cron[73991]: (root) CMD (/usr/libexec/atrun)'
-  tz: Z
   preamble: 78
   priority: info
   priority_int: 6
@@ -23,5 +22,6 @@ expected:
   program_raw: '/usr/sbin/cron[73991]'
   program_sub: ~
   time: 08:15:00
+  tz: Z
 name: FreeBSD cron
 string: '<78>Jan  1 08:15:00 /usr/sbin/cron[73991]: (root) CMD (/usr/libexec/atrun)'
diff --git a/t/data/4bab0b1bd6e18f35fcee6fecf1522030.yaml b/t/data/4bab0b1bd6e18f35fcee6fecf1522030.yaml
@@ -14,7 +14,6 @@ expected:
   host_raw: f5lb-201.example.com
   message: 'info logger: [ssl_acc] 10.0.0.1 - bob [01/Jan/2015:10:55:37 +0000] "/xui/update/configuration/alert/statusmenu/coloradvisory" 200 1702'
   message_raw: '<182>Jan 1 10:55:37 f5lb-201.example.com info logger: [ssl_acc] 10.0.0.1 - bob [01/Jan/2015:10:55:37 +0000] "/xui/update/configuration/alert/statusmenu/coloradvisory" 200 1702'
-  tz: Z
   preamble: 182
   priority: info
   priority_int: 6
@@ -23,5 +22,6 @@ expected:
   program_raw: info logger
   program_sub: ~
   time: 10:55:37
+  tz: Z
 name: F5 includes level
 string: '<182>Jan 1 10:55:37 f5lb-201.example.com info logger: [ssl_acc] 10.0.0.1 - bob [01/Jan/2015:10:55:37 +0000] "/xui/update/configuration/alert/statusmenu/coloradvisory" 200 1702'
diff --git a/t/data/4cfcff8c1f4bf03d14995286bf9d438f.yaml b/t/data/4cfcff8c1f4bf03d14995286bf9d438f.yaml
@@ -2,20 +2,20 @@
 expected:
   SDATA:
     ACTION: outbound
-    DPT: '55233'
+    DPT: 55233
     DST: 71.198.187.165
     ID: 57140 DF
-    LEN: '60'
+    LEN: 60
     OUT: eth0
     PREC: 0x00
     PROTO: TCP
     RES: 0x00 SYN
-    SPT: '47070'
+    SPT: 47070
     SRC: 148.251.14.68
     TOS: 0x00
-    TTL: '64'
-    URGP: '0'
-    WINDOW: '14600'
+    TTL: 64
+    URGP: 0
+    WINDOW: 14600
   content: 'iptables - ACTION=outbound IN= OUT=eth0 SRC=148.251.14.68 DST=71.198.187.165 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57140 DF PROTO=TCP SPT=47070 DPT=55233 WINDOW=14600 RES=0x00 SYN URGP=0'
   date: 2018-05-20
   datetime_local: 2018-05-20T06:40:46Z
@@ -30,7 +30,6 @@ expected:
   host_raw: janus
   message: 'kernel: iptables - ACTION=outbound IN= OUT=eth0 SRC=148.251.14.68 DST=71.198.187.165 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57140 DF PROTO=TCP SPT=47070 DPT=55233 WINDOW=14600 RES=0x00 SYN URGP=0'
   message_raw: 'May 20 06:40:46 janus kernel: iptables - ACTION=outbound IN= OUT=eth0 SRC=148.251.14.68 DST=71.198.187.165 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57140 DF PROTO=TCP SPT=47070 DPT=55233 WINDOW=14600 RES=0x00 SYN URGP=0'
-  tz: Z
   preamble: ~
   priority: ~
   priority_int: ~
@@ -39,6 +38,7 @@ expected:
   program_raw: kernel
   program_sub: ~
   time: 06:40:46
+  tz: Z
 name: iptables entry with key/values
 options:
   AutoDetectKeyValues: 1

diff --git a/t/data/50a58f26f61a890d291675494c0d9a76.yaml b/t/data/50a58f26f61a890d291675494c0d9a76.yaml
@@ -18,9 +18,9 @@ expected:
     puppet_resource_flags: eyJuZXR3b3JrIj0+Imhvc3QiLCAidm9sdW1lIj0+WyJwbGV4bWVkaWE6L21lZGlhIiwgInBsZXh0cmFuc2NvZGU6L3RyYW5zY29kZSIsICIvaG9tZS9jb250YWluZXJzL3BsZXg6L2NvbmZpZyIsICIvbWVkaWEvbW92aWVzOi9tZWRpYS9tb3ZpZXMiLCAiL21lZGlhL211c2ljOi9tZWRpYS9tdXNpYyIsICIvbWVkaWEvdHY6L21lZGlhL3R2OnJ3Il0sICJkZXZpY2UiPT5bIi9kZXYvZHJpOi9kZXYvZHJpIl19
   content: '2024-11-26 10:07:23.5240656 -0800 PST m=+0.068542493 container health_status 98a4a38516b0d0c412903928a00b138e3602bb46130622587d53fe765db3055a (image=docker.io/plexinc/pms-docker:latest, name=plex, health_status=healthy, org.opencontainers.image.source=https://github.com/plexinc/pms-docker, org.opencontainers.image.title=Plex Media Server, org.opencontainers.image.vendor=Plex, GmbH, org.opencontainers.image.description="The Plex Media Server", org.opencontainers.image.version=1.41.2.9200-c6bbc1b53, org.opencontainers.image.licenses=NOASSERTION, org.opencontainers.image.revision=f004951b3f9cfafe1b27d62a9a53ed68728a996a, org.opencontainers.image.ref.name=ubuntu, org.opencontainers.image.url=https://github.com/plexinc/plex-media-server, puppet_resource_flags=eyJuZXR3b3JrIj0+Imhvc3QiLCAidm9sdW1lIj0+WyJwbGV4bWVkaWE6L21lZGlhIiwgInBsZXh0cmFuc2NvZGU6L3RyYW5zY29kZSIsICIvaG9tZS9jb250YWluZXJzL3BsZXg6L2NvbmZpZyIsICIvbWVkaWEvbW92aWVzOi9tZWRpYS9tb3ZpZXMiLCAiL21lZGlhL211c2ljOi9tZWRpYS9tdXNpYyIsICIvbWVkaWEvdHY6L21lZGlhL3R2OnJ3Il0sICJkZXZpY2UiPT5bIi9kZXYvZHJpOi9kZXYvZHJpIl19, org.opencontainers.image.created=2024-11-13T19:05:55.221Z)'
   date: 2024-11-26
-  datetime_str: 2024-11-26T10:07:23.524224-0800
-  datetime_raw: 2024-11-26T10:07:23.524224-08:00
   datetime_local: 2024-11-26T18:07:23.524224Z
+  datetime_raw: 2024-11-26T10:07:23.524224-08:00
+  datetime_str: 2024-11-26T10:07:23.524224-0800
   datetime_utc: 2024-11-26T18:07:23.524224Z
   domain: ~
   epoch: 1732644443.524224
@@ -30,7 +30,6 @@ expected:
   host_raw: alma9
   message: 'podman[664437]: 2024-11-26 10:07:23.5240656 -0800 PST m=+0.068542493 container health_status 98a4a38516b0d0c412903928a00b138e3602bb46130622587d53fe765db3055a (image=docker.io/plexinc/pms-docker:latest, name=plex, health_status=healthy, org.opencontainers.image.source=https://github.com/plexinc/pms-docker, org.opencontainers.image.title=Plex Media Server, org.opencontainers.image.vendor=Plex, GmbH, org.opencontainers.image.description="The Plex Media Server", org.opencontainers.image.version=1.41.2.9200-c6bbc1b53, org.opencontainers.image.licenses=NOASSERTION, org.opencontainers.image.revision=f004951b3f9cfafe1b27d62a9a53ed68728a996a, org.opencontainers.image.ref.name=ubuntu, org.opencontainers.image.url=https://github.com/plexinc/plex-media-server, puppet_resource_flags=eyJuZXR3b3JrIj0+Imhvc3QiLCAidm9sdW1lIj0+WyJwbGV4bWVkaWE6L21lZGlhIiwgInBsZXh0cmFuc2NvZGU6L3RyYW5zY29kZSIsICIvaG9tZS9jb250YWluZXJzL3BsZXg6L2NvbmZpZyIsICIvbWVkaWEvbW92aWVzOi9tZWRpYS9tb3ZpZXMiLCAiL21lZGlhL211c2ljOi9tZWRpYS9tdXNpYyIsICIvbWVkaWEvdHY6L21lZGlhL3R2OnJ3Il0sICJkZXZpY2UiPT5bIi9kZXYvZHJpOi9kZXYvZHJpIl19, org.opencontainers.image.created=2024-11-13T19:05:55.221Z)'
   message_raw: '<13>2024-11-26T10:07:23.524224-08:00 alma9 podman[664437]: 2024-11-26 10:07:23.5240656 -0800 PST m=+0.068542493 container health_status 98a4a38516b0d0c412903928a00b138e3602bb46130622587d53fe765db3055a (image=docker.io/plexinc/pms-docker:latest, name=plex, health_status=healthy, org.opencontainers.image.source=https://github.com/plexinc/pms-docker, org.opencontainers.image.title=Plex Media Server, org.opencontainers.image.vendor=Plex, GmbH, org.opencontainers.image.description="The Plex Media Server", org.opencontainers.image.version=1.41.2.9200-c6bbc1b53, org.opencontainers.image.licenses=NOASSERTION, org.opencontainers.image.revision=f004951b3f9cfafe1b27d62a9a53ed68728a996a, org.opencontainers.image.ref.name=ubuntu, org.opencontainers.image.url=https://github.com/plexinc/plex-media-server, puppet_resource_flags=eyJuZXR3b3JrIj0+Imhvc3QiLCAidm9sdW1lIj0+WyJwbGV4bWVkaWE6L21lZGlhIiwgInBsZXh0cmFuc2NvZGU6L3RyYW5zY29kZSIsICIvaG9tZS9jb250YWluZXJzL3BsZXg6L2NvbmZpZyIsICIvbWVkaWEvbW92aWVzOi9tZWRpYS9tb3ZpZXMiLCAiL21lZGlhL211c2ljOi9tZWRpYS9tdXNpYyIsICIvbWVkaWEvdHY6L21lZGlhL3R2OnJ3Il0sICJkZXZpY2UiPT5bIi9kZXYvZHJpOi9kZXYvZHJpIl19, org.opencontainers.image.created=2024-11-13T19:05:55.221Z)'
-  tz: -0800
   preamble: 13
   priority: notice
   priority_int: 5
@@ -39,6 +38,7 @@ expected:
   program_raw: 'podman[664437]'
   program_sub: ~
   time: 10:07:23.524224
+  tz: -0800
 name: 50a58f26f61a890d291675494c0d9a76
 options:
   AutoDetectKeyValues: 1

diff --git a/t/data/67b8ab574fc3a9a9fd6a0bdaf1231b14.yaml b/t/data/67b8ab574fc3a9a9fd6a0bdaf1231b14.yaml
@@ -14,7 +14,6 @@ expected:
   host_raw: ether
   message: 'rsyslogd-2177: imuxsock begins to drop messages from pid 17840 due to rate-limiting'
   message_raw: '2015 Nov 13 13:40:01 ether rsyslogd-2177: imuxsock begins to drop messages from pid 17840 due to rate-limiting'
-  tz: Z
   preamble: ~
   priority: ~
   priority_int: ~
@@ -23,5 +22,6 @@ expected:
   program_raw: rsyslogd-2177
   program_sub: ~
   time: 13:40:01
+  tz: Z
 name: Year with old date
 string: '2015 Nov 13 13:40:01 ether rsyslogd-2177: imuxsock begins to drop messages from pid 17840 due to rate-limiting'
diff --git a/t/data/6f833459bced8cdc42950602d7798680.yaml b/t/data/6f833459bced8cdc42950602d7798680.yaml
@@ -19,7 +19,6 @@ expected:
   host_raw: janus
   message: 'sudo: brad : TTY=pts/3 ; PWD=/home/brad/code/CPAN/eris-logging ; USER=root ; COMMAND=/bin/grep pam /var/log/messages'
   message_raw: 'May 20 06:40:53 janus sudo:     brad : TTY=pts/3 ; PWD=/home/brad/code/CPAN/eris-logging ; USER=root ; COMMAND=/bin/grep pam /var/log/messages'
-  tz: Z
   preamble: ~
   priority: ~
   priority_int: ~
@@ -28,6 +27,7 @@ expected:
   program_raw: sudo
   program_sub: ~
   time: 06:40:53
+  tz: Z
 name: crond message with key/value detection enabled
 options:
   AutoDetectKeyValues: 1

diff --git a/t/data/7af843bd9c3dad1a054d79ac3f3589c3.yaml b/t/data/7af843bd9c3dad1a054d79ac3f3589c3.yaml
@@ -14,7 +14,6 @@ expected:
   host_raw: janus
   message: 'sshd[10173]: pam_unix(sshd:session): session opened for user brad by (uid=0)'
   message_raw: 'May 19 22:03:29 janus sshd[10173]: pam_unix(sshd:session): session opened for user brad by (uid=0)'
-  tz: Z
   preamble: ~
   priority: ~
   priority_int: ~
@@ -23,5 +22,6 @@ expected:
   program_raw: 'sshd[10173]'
   program_sub: ~
   time: 22:03:29
+  tz: Z
 name: OpenSSH Log sample
 string: 'May 19 22:03:29 janus sshd[10173]: pam_unix(sshd:session): session opened for user brad by (uid=0)'