From 5ccc40efa0095442828ecd0ebf6409f097fac928 Mon Sep 17 00:00:00 2001 From: rfaircloth-splunk Date: Thu, 2 Apr 2020 12:22:38 -0400 Subject: [PATCH 1/2] Unique persist-names --- package/etc/go_templates/source_network.t | 2 +- tests/docker-compose-ci.yml | 6 ++++++ tests/docker-compose.yml | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/package/etc/go_templates/source_network.t b/package/etc/go_templates/source_network.t index a2ef26f..5c7e8b4 100644 --- a/package/etc/go_templates/source_network.t +++ b/package/etc/go_templates/source_network.t @@ -2,7 +2,7 @@ syslog ( transport("udp") so-reuseport(1) - persist-name("udp{{.instance}}") + persist-name("{{.port_id}}{{.instance}}") port({{ getenv (print "SC4S_LISTEN_" .port_id "_UDP_PORT") "514" }}) ip-protocol(4) so-rcvbuf({{getenv "SC4S_SOURCE_UDP_SO_RCVBUFF" "1703936"}}) diff --git a/tests/docker-compose-ci.yml b/tests/docker-compose-ci.yml index 3fe2010..e45bda0 100644 --- a/tests/docker-compose-ci.yml +++ b/tests/docker-compose-ci.yml @@ -48,6 +48,12 @@ services: - SC4S_LISTEN_JUNIPER_IDP_TCP_PORT=5004 - SC4S_LISTEN_PALOALTO_PANOS_TCP_PORT=5005 - SC4S_LISTEN_PFSENSE_TCP_PORT=5006 + - SC4S_LISTEN_CISCO_ASA_UDP_PORT=5001 + - SC4S_LISTEN_CISCO_IOS_UDP_PORT=5002 + - SC4S_LISTEN_CISCO_MERAKI_UDP_PORT=5003 + - SC4S_LISTEN_JUNIPER_IDP_UDP_PORT=5004 + - SC4S_LISTEN_PALOALTO_PANOS_UDP_PORT=5005 + - SC4S_LISTEN_PFSENSE_UDP_PORT=5006 - SC4S_ARCHIVE_GLOBAL=no splunk: build: diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index d893bae..643be05 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -38,6 +38,12 @@ services: - SC4S_LISTEN_JUNIPER_IDP_TCP_PORT=5004 - SC4S_LISTEN_PALOALTO_PANOS_TCP_PORT=5005 - SC4S_LISTEN_PFSENSE_TCP_PORT=5006 + - SC4S_LISTEN_CISCO_ASA_UDP_PORT=5001 + - SC4S_LISTEN_CISCO_IOS_UDP_PORT=5002 + - SC4S_LISTEN_CISCO_MERAKI_UDP_PORT=5003 + - SC4S_LISTEN_JUNIPER_IDP_UDP_PORT=5004 + - SC4S_LISTEN_PALOALTO_PANOS_UDP_PORT=5005 + - SC4S_LISTEN_PFSENSE_UDP_PORT=5006 - SC4S_ARCHIVE_GLOBAL=no - SC4S_SOURCE_STORE_RAWMSG=yes splunk: From ab87f12dbefd330808019cffe342d6b1a32e4b66 Mon Sep 17 00:00:00 2001 From: rfaircloth-splunk Date: Thu, 2 Apr 2020 14:01:37 -0400 Subject: [PATCH 2/2] Update source_network.t --- package/etc/go_templates/source_network.t | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/package/etc/go_templates/source_network.t b/package/etc/go_templates/source_network.t index 5c7e8b4..6d7a6d3 100644 --- a/package/etc/go_templates/source_network.t +++ b/package/etc/go_templates/source_network.t @@ -2,7 +2,7 @@ syslog ( transport("udp") so-reuseport(1) - persist-name("{{.port_id}}{{.instance}}") + persist-name("{{ .port_id }}{{ .instance }}") port({{ getenv (print "SC4S_LISTEN_" .port_id "_UDP_PORT") "514" }}) ip-protocol(4) so-rcvbuf({{getenv "SC4S_SOURCE_UDP_SO_RCVBUFF" "1703936"}}) @@ -23,8 +23,9 @@ source s_{{ .port_id }} { channel { source { {{- if or (getenv (print "SC4S_LISTEN_" .port_id "_UDP_PORT")) (eq .port_id "DEFAULT") }} +{{- $port_id := .port_id }} {{- range (math.Seq (getenv "SC4S_SOURCE_LISTEN_UDP_SOCKETS" "5"))}} -{{- $context := dict "instance" . "port_id" "DEFAULT" }} +{{- $context := dict "instance" . "port_id" $port_id }} {{- template "UDP" $context }} {{- end}} {{- end}}