I used to have this Connector running fine....then I decided it would be a good idea to update some plugins *shoot me now*. I've tried reverting to only "released" versions (Apache & Syslog), but still my events are mangled!

Raw:
Code:
{"i_Second":"11","s_Date":"Apr 09 08:10:11","i_milliseconds":"1554761411000","i_TrustDeviceTime":"","i_DayOfMonth":"9","s_raw_message2":"<133>Apr  9 08:10:11 xxxxxx APACHE_HTTPD: www.isag.melbourne x.x.x.x - - [09\/Apr\/2019:08:10:04 +1000] \"GET \/media\/images\/favicon_16x16.ico HTTP\/1.1\" 200 99678 \"-\" \"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko\/20100101 Firefox\/66.0\"","i_syslog_facility":"16","s_RV24":"B4F289F0-7F5F-1036-8B4A-000C294C00E8","s_RV25":"6349D9E9-3C75-1037-B6BD-000C294C00E8","s_RV22":"B4F289F0-7F5F-1036-8B40-000C294C00E8","s_RV23":"B4F289F0-7F5F-1036-8B48-000C294C00E8","s_RV21":"C76D2820-C395-1029-BB86-001321B5C0B3","CONNECTION_MODE":"map","s_SyslogRelayIp":"x:x:x:x:x:x:x:x","i_Hour":"8","sf":"","i_syslog_priority":"133","CONNECTION_METHOD":"SYSLOG","s_Version":"2019.1r1-201902270522-SNAPSHOT","s_Body":"APACHE_HTTPD: www.isag.melbourne x.x.x.x - - [09\/Apr\/2019:08:10:04 +1000] \"GET \/media\/images\/favicon_16x16.ico HTTP\/1.1\" 200 99678 \"-\" \"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko\/20100101 Firefox\/66.0\"","i_Minute":"10","s_AppId":"APACHE_HTTPD","i_Year":"2019","s_MessageOriginatorHost":"xxxxxx","s_chainId":"1554704691183","s_sha256Hash":"f180ec1d8212525bc2a99db5866fb940f3997f9a21a2e128b0ab0906c95a8f60","i_Month":"3","i_syslog_severity":"5","s_chainSequence":"1558","s_MessageOriginatorPort":"54686","i_RXBufferLength":"244","i_Type":"2","EventSourceManagerID":"C76D2820-C395-1029-BB86-001321B5C0B3","CollectorID":"B4F289F0-7F5F-1036-8B40-000C294C00E8","EventSourceGroupID":"B4F289F0-7F5F-1036-8B48-000C294C00E8","EventSourceID":"B4F289F0-7F5F-1036-8B4A-000C294C00E8","EventRecordID":"6349D9E9-3C75-1037-B6BD-000C294C00E8","ChainID":"1554704691183","ChainSequence":"1558","EventDate":"04\/09\/2019 07:58:19.144 +1000","TenantID":"101100"}
Event:
Code:
TargetHostClass(rv81),ObserverHostDepartment(obsdep),TargetHostFunction(rv82),SourceHostID(rv77),RetentionPolicyName(rv192),TargetHostDepartment(rv98),SourceHostGeoData(srcgeo),Severity(sev),TargetHostName(dhn),ObserverIP(obsip),SearchTargetID(rv172),TargetHostCriticality(rv84),RetentionPolicyID(rv171),TargetIP(dip),TargetServiceName(dp),TenantID(tid),EventTime(dt),ObserverTZMonth(estzmonth),CollectorNodeName(port),SourceHostName(shn),VendorOutcomeCode(voc),ObserverHostClass(obsclass),SourceIP(sip),ReporterIP(repip),ReporterHostID(repassetid),EventID(id),TargetHostLongitude(dlong),ObserverHostGeoData(obsgeo),Vulnerability(vul),SentinelProcessTime(spt),TargetHostGeoData(destgeo),ObserverTZDayInYear(estzdiy),EventName(evt),SentinelServiceID(src),ObserverTZDayInWeek(estzdiw),ObserverTZDayInMonth(estzdim),SourceHostLongitude(srclong),ProductName(pn),SentinelProcessingComponent(rt2),ObserverHostFunction(obsfunc),ObserverHostName(sn),ObserverType(st),TenantHierarchyID(rv1),CollectorPluginName(agent),IdTApprovedAccountAdmins(cv81),IDManagedSystems(cv82),TargetHostLatitude(dlat),ObserverHostLongitude(obslong),NetworkZone(cv97),SentinelID(rv121),CollectorPluginID(rv122),ObserverHostCriticality(obscrit),Message(msg),ObserverTZHour(estzhour),SourceHostLatitude(srclat),TargetHostCountry(rv30),ObserverCategory(rv32),MinRetentionDate(rv164),ObserverHostLatitude(obslat),ObserverTZ(estz),TenantName(rv39),ConnectorID(rv23),ObserverTZMinute(estzmin),CollectorID(rv22),RawDataRecordId(rv25),EventSourceID(rv24),CollectorManagerID(rv21),SourceHostCountry(rv29),Tags(rv145),ObserverHostCountry(obscountry)
Physical,ISAG,Main Server,0,System Events,ISAG,"-37.8330862,144.9455179",4,xxxxxx,x.x.x.x,B4F289F0-7F5F-1036-96D5-000C294C00E8,Critical,6E1CCA35-4BD4-102D-91CD-000C2907C76D,192.168.245.3,httpd,101100,Tue Apr 09 07:58:19 AEST 2019,3,Apache HTTPD,www.isag.melbourne,GET /media/images/favicon_16x16.ico HTTP/1.1,Physical,x.x.x.x,x:x:x:x:x:x:x:x,0,BD49D9E9-3C75-1037-B677-000C294C00E8,144.9455179,"-37.8330862,144.9455179",0,Tue Apr 09 07:58:19 AEST 2019,"-37.8330862,144.9455179",99,+1000],B4F289F0-7F5F-1036-8B40-000C294C00E8,3,9,144.9455179,Apache HTTP Server,Apache HTTP Server,Main Server,xxxxxx,A,0,Apache HTTP Server,0,0,-37.8330862,144.9455179,LAN,B4F289F0-7F5F-1036-9632-000C294C00E8,A5E13B30-5A4A-102C-9069-005056C00008,Critical,+1000] by www.isag.melbourne,7,-37.8330862,AU,WEB,Mon Jul 08 10:00:00 AEST 2019,-37.8330862,Australia/Melbourne,ISAG,B4F289F0-7F5F-1036-8B48-000C294C00E8,58,B4F289F0-7F5F-1036-8B40-000C294C00E8,6349D9E9-3C75-1037-B6BD-000C294C00E8,B4F289F0-7F5F-1036-8B4A-000C294C00E8,C76D2820-C395-1029-BB86-001321B5C0B3,AU,Sentinel,AU
I know its hard to spot, but it appears that the date parsing is causing the problems....it doesn't seem to cope with the " +1000" GMT identifier, so all the fields get offset and its just plain rubbish.

I grabbed the SDK and tried looking, but am completely lost. I think its in the release.js (???) line 282:

Code:
var evtDate = DateTime.parseExact(this.fields[3].substr(1), "dd/MMM/yyyy:HH:mm:ss", this.fields[4].substr(0, 5));
But unsure, and only reference to parseExact is Microsoft's C# one, but this is JS....so...????