From d81671f82d15e60f53dfe3fe43326f27d5d39c03 Mon Sep 17 00:00:00 2001 From: James Truher Date: Fri, 2 Jun 2023 16:47:12 -0700 Subject: [PATCH] Update syslog parser to handle modern formats. --- test/tools/Modules/PSSysLog/PSSysLog.psm1 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/tools/Modules/PSSysLog/PSSysLog.psm1 b/test/tools/Modules/PSSysLog/PSSysLog.psm1 index 4dd0da0ade2..634e0903109 100644 --- a/test/tools/Modules/PSSysLog/PSSysLog.psm1 +++ b/test/tools/Modules/PSSysLog/PSSysLog.psm1 @@ -218,8 +218,22 @@ class PSLogItem In those cases, a single message is logged in the following format MMM dd HH:MM:SS machinename id[PID]: message repeated NNN times: [(commitid:TID:CHANNEL) [EventName] Message] + + Alternatively, more recent syslog daemons may change the message format to: + + 2023-06-02T22:49:50.513735+00:00 machinename id[PID]: message repeated NNN times: [(commitid:TID:CHANNEL) [EventName] Message] + + the first element of the line may be converted to a datetime, which we can use to convert the input to the expected string. #> + $firstToken = $content.split()[0] + $dt = $firstToken -as [DateTime] + if ($dt) + { + $replacement = "{0:MMM} {0:dd} {0:hh}:{0:mm}:{0:ss}" -f $dt + $content = $content.replace($firstToken,$replacement) + } + # split contents into separate space delimited tokens (first 7) and leave the rest as the message. [string[]] $parts = $content.Split(' ', 8, [System.StringSplitOptions]::RemoveEmptyEntries)
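Review bot: The replacement format in the added block uses `{0:hh}`, the 12-hour specifier, while the layout described in the comment above it (`MMM dd HH:MM:SS`) is 24-hour. The sample timestamp 22:49:50 would be rewritten as 10:49:50, so afternoon log entries become indistinguishable from morning ones in any time-ordered or time-window check on the parsed items. Change it to `$replacement = "{0:MMM} {0:dd} {0:HH}:{0:mm}:{0:ss}" -f $dt`. Separately, `$content.replace($firstToken,$replacement)` rewrites every occurrence of the token, so a message body that repeats the timestamp is altered too; `$content = $replacement + $content.Substring($firstToken.Length)` would touch only the prefix. The enclosing method starts and ends outside this hunk, so how the rewritten time is parsed downstream is not visible here.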