diff --git a/src/main/java/org/graylog2/syslog4j/server/impl/event/FortiGateSyslogEvent.java b/src/main/java/org/graylog2/syslog4j/server/impl/event/FortiGateSyslogEvent.java
index 1e69bef..23bd51e 100644
--- a/src/main/java/org/graylog2/syslog4j/server/impl/event/FortiGateSyslogEvent.java
+++ b/src/main/java/org/graylog2/syslog4j/server/impl/event/FortiGateSyslogEvent.java
@@ -29,9 +29,8 @@
 * @see FortiGate logging and reporting overview
 */
 public class FortiGateSyslogEvent implements SyslogServerEventIF {
- private static final Pattern PRI_PATTERN = Pattern.compile("^<(\\d{1,3})>(.*)$");
- private static final Pattern KV_PATTERN = Pattern.compile("(\\w+)=([^\\s\"]*)");
- private static final Pattern QUOTED_KV_PATTERN = Pattern.compile("(\\w+)=\"([^\"]*)\"");
+ private static final Pattern PRI_PATTERN = Pattern.compile("^<(\\d{1,3})>(.*)");
+ private static final Pattern KV_PATTERN = Pattern.compile("(\\w+)=(?:\"([^\"]*)\"|([^\\s\"]*))");
 private String rawEvent;
 private ZoneId defaultZoneId;
@@ -60,7 +59,7 @@ private void initialize(final String rawEvent, DateTimeZone sysLogServerTimeZone
 private void parse(String event) {
 final Matcher matcher = PRI_PATTERN.matcher(event);
 if (!matcher.find()) {
- throw new IllegalArgumentException("Invalid Fortigate syslog message");
+ throw new IllegalArgumentException("Invalid Fortigate syslog message: " + event);
 } else {
 final String priority = matcher.group(1);
 final String message = matcher.group(2);
@@ -87,11 +86,7 @@ private void parseFields(String event) {
 final Map fields = new HashMap<>();
 final Matcher matcher = KV_PATTERN.matcher(event);
 while (matcher.find()) {
- fields.put(matcher.group(1), matcher.group(2));
- }
- final Matcher quotedMatcher = QUOTED_KV_PATTERN.matcher(event);
- while (quotedMatcher.find()) {
- fields.put(quotedMatcher.group(1), quotedMatcher.group(2));
+ fields.put(matcher.group(1), matcher.group(2) != null ? matcher.group(2) : matcher.group(3));
 }
 setFields(fields);
 }
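Review bot: Dropping the `$` from `PRI_PATTERN` changes which events are accepted. `.` does not match line terminators by default, so an event with an embedded line break, which the old pattern rejected, now matches and `group(2)` holds only its first line. How `message` is consumed lies outside this hunk, but if it feeds the field parser, everything after the first line break in a network-supplied event is silently ignored. If multi-line payloads should be parsed, compile with `Pattern.compile("^<(\\d{1,3})>(.*)", Pattern.DOTALL)`; otherwise document the behaviour with `// only the first line of the event is parsed; text after a line break is ignored`.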
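Review bot: The new exception message concatenates the whole raw `event`, which is unvalidated network input at exactly the point where it failed to parse. If a caller logs this exception (not visible here), the sender controls both the line breaks and the length of the resulting log entry, so entries can be forged or inflated. Bound and neutralise what is echoed, for example `throw new IllegalArgumentException("Invalid Fortigate syslog message (length " + event.length() + ")");`, or include only a fixed-length prefix with control characters replaced. The body of `parse` continues past the end of this hunk.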
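Review bot: A quoted value whose closing quote is missing (for example a datagram truncated in transit) falls through to the unquoted alternative of `KV_PATTERN`, which matches the empty string in front of the `"`. The loop then keeps scanning inside the value, so the constructed sample `msg="x srcip=9.9.9.9` yields an empty `msg` and a separate `srcip` field. Because `fields.put` lets the last occurrence win, text inside a free-form value can then overwrite a field that appeared earlier in the line. Consider keeping the first occurrence with `fields.putIfAbsent(matcher.group(1), matcher.group(2) != null ? matcher.group(2) : matcher.group(3));`, or at minimum add `// last occurrence of a key wins; an unterminated quote is parsed as bare tokens`.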