elastic
diff --git a/‎CHANGELOG.next.asciidoc‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.next.asciidoc‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎filebeat/input/syslog/parser/syslog_rfc3164.rl‎
Lines changed: 1 addition & 1 deletion b/‎filebeat/input/syslog/parser/syslog_rfc3164.rl‎
Lines changed: 1 addition & 1 deletion
@@ -419,6 +419,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Update `tags` and `threatintel.indicator.provider` fields in `threatintel.anomali` ingest pipeline {issue}24746[24746] {pull}27141[27141]
 - Move AWS module and filesets to GA. {pull}27428[27428]
 - update ecs.version to ECS 1.11.0. {pull}27107[27107]
+- Added support for parsing syslog dates containing a leading 0 (e.g. `Sep 01`) rather than a space. {pull}27775[27775]
 - Add base64 Encode functionality to httpjson input. {pull}27681[27681]
 - Add `join` and `sprintf` functions to `httpjson` input. {pull}27735[27735]
 
 
@@ -17,7 +17,7 @@
   month = ( "Jan" ("uary")? | "Feb" "ruary"? | "Mar" "ch"? | "Apr" "il"? | "Ma" "y"? | "Jun" "e"? | "Jul" "y"? | "Aug" "ust"? | "Sep" ("tember")? | "Oct" "ober"? | "Nov" "ember"? | "Dec" "ember"?) >tok %month;
 
   # Match: " 5" and "10" as the day
-  multiple_digits_day = (([12][0-9]) | ("3"[01]))>tok %day;
+  multiple_digits_day = (([012][0-9]) | ("3"[01]))>tok %day;
   single_digit_day = [1-9]>tok %day;
   day = (space? single_digit_day | multiple_digits_day);