Beats: Typo in syslog_rfc3164.rl causes parsing errors for December syslog dates

For confirmed bugs, please report:

• Version: 6.3.2
• Operating System: FreeBSD
• Discuss Forum URL: https://discuss.elastic.co/t/typo-in-syslog-rfc3164-rl-causes-parsing-errors-for-december-syslog-dates/159030
• Steps to Reproduce: With the system clock on the computer where filebeat is installed set to the month of December, attempt to ingest a syslog message using the syslog input plugin. These are the errors I get:

2018-12-02T07:38:44.727Z    ERROR   [syslog]    syslog/input.go:114 can't not parse event as syslog rfc3164 {"message": "Dec 02 07:38:44 freebsd-11-2 crontab[81334]: (root) BEGIN EDIT (root)"}

This is a properly formatted rfc3164 syslog message, as far as I can tell. Looking at the source code, the month strings are defined in the file syslog_rfc3164.rl. The definition is:

month = ( "Jan" ("uary")? | "Feb" "ruary"? | "Mar" "ch"? | "Apr" "il"? | "Ma" "y"? | "Jun" "e"? | "Jul" "y"? | "Aug" "ust"? | "Sep" ("tember")? | "Oct" "ober"? | "Nov" "ember"? | "ec" "ember"?) >tok %month;

I'm guessing that it should be:

month = ( "Jan" ("uary")? | "Feb" "ruary"? | "Mar" "ch"? | "Apr" "il"? | "Ma" "y"? | "Jun" "e"? | "Jul" "y"? | "Aug" "ust"? | "Sep" ("tember")? | "Oct" "ober"? | "Nov" "ember"? | "Dec" "ember"?) >tok %month;

That is, there is a missing capital D from the December string. Because of this, any syslog message with the month of December in the date will trigger the error.

Edit: I built a filebeat binary on FreeBSD (had to get rid of some gosigar stuff that doesn't work on FreeBSD, HugeTLBPages) with the file patched. However, I am still getting the error message in my logs:

2018-12-02T09:12:16.988Z    ERROR   [syslog]    syslog/input.go:131 can't not parse event as syslog rfc3164 {"message": "Dec 02 09:12:16 freebsd-11-2 crontab[51480]: (root) BEGIN EDIT (root)"}

Any ideas, then, what might be causing this problem?