From 84f77d1790d157b4e6962baf1a7ab8f4a6ae0bbb Mon Sep 17 00:00:00 2001 From: rfaircloth-splunk Date: Thu, 4 Jun 2020 13:48:35 -0400 Subject: [PATCH 1/2] fix: Add new programs to vmware map --- package/etc/conf.d/filters/VMware/vsphere.conf | 8 ++++++-- package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl | 4 ++-- package/etc/syslog-ng.conf.tmpl | 1 + tests/docker-compose.yml | 2 +- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/package/etc/conf.d/filters/VMware/vsphere.conf b/package/etc/conf.d/filters/VMware/vsphere.conf index 12a849e..ac5c1ca 100644 --- a/package/etc/conf.d/filters/VMware/vsphere.conf +++ b/package/etc/conf.d/filters/VMware/vsphere.conf @@ -1,6 +1,7 @@ filter f_vmware_all { #begin base vmware - program("cimslp", flags(ignore-case)) + program("applmgmt-audit", flags(ignore-case)) + or program("cimslp", flags(ignore-case)) or program("Fdm", flags(ignore-case)) or program("Hostd", flags(ignore-case)) or program("hostd-probe", flags(ignore-case)) @@ -12,6 +13,7 @@ filter f_vmware_all { or program("sdrsInjector", flags(ignore-case)) or program("sfcb-.*", flags(ignore-case)) or program("storageRM", flags(ignore-case)) + or program("updatemgr", flags(ignore-case)) or program("vmafdd", flags(ignore-case)) or program("vmcad", flags(ignore-case)) or program("vmdird", flags(ignore-case)) @@ -63,7 +65,9 @@ filter f_vmware_nsx { program("nsx-.*", flags(ignore-case)) }; filter f_vmware_vcenter { - program("vmafdd", flags(ignore-case)) + program("applmgmt-audit", flags(ignore-case)) + or program("updatemgr", flags(ignore-case)) + or program("vmafdd", flags(ignore-case)) or program("vmcad", flags(ignore-case)) or program("vmdird", flags(ignore-case)) or program("vmon", flags(ignore-case)) diff --git a/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl b/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl index f1f50aa..ea20c2a 100644 --- a/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl 
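Review bot: The two new entries, `program("applmgmt-audit", flags(ignore-case))` and `program("updatemgr", flags(ignore-case))`, are unanchored patterns, so in both f_vmware_all and f_vmware_vcenter they match any program name that merely contains those strings. program() takes a regular expression (the existing `sfcb-.*` entry relies on that) and the PROGRAM field is chosen by the sender, so an unrelated or spoofed source can be classified as vCenter, which matters most for the audit stream. Anchoring the new entries, `program("^applmgmt-audit$", flags(ignore-case))` and `or program("^updatemgr$", flags(ignore-case))`, keeps the match exact; this applies to all three hunks of this file. Both filter bodies continue outside the hunks, and the older entries share the same looseness.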
+++ b/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl @@ -21,7 +21,7 @@ log { {{- end}} {{- if eq (getenv "SC4S_DEBUG_STDOUT" "yes") "no"}} - destination(d_stdout); + #destination(d_stdout); {{- end}} {{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} @@ -56,7 +56,7 @@ log { }; {{- if eq (getenv "SC4S_DEBUG_STDOUT" "no") "yes"}} - destination(d_stdout); + #destination(d_stdout); {{- end}} }; flags(flow-control,final); diff --git a/package/etc/syslog-ng.conf.tmpl b/package/etc/syslog-ng.conf.tmpl index 1cd2a87..7002497 100644 --- a/package/etc/syslog-ng.conf.tmpl +++ b/package/etc/syslog-ng.conf.tmpl @@ -31,6 +31,7 @@ options { normalize-hostnames(yes); on-error(fallback-to-string); frac-digits(3); + use-rcptid(yes); }; diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index 993f5bb..e6c4eb8 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -14,7 +14,7 @@ services: context: ../package hostname: sc4s #When this is enabled test_common will fail - command: -det + command: -dvt ports: - "514" - "601" From 2af84a6a932f9553ad835375226b58f04a48c7b4 Mon Sep 17 00:00:00 2001 From: rfaircloth-splunk Date: Thu, 4 Jun 2020 16:26:15 -0400 Subject: [PATCH 2/2] backout --- package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl | 4 ++-- package/etc/syslog-ng.conf.tmpl | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl b/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl index ea20c2a..f1f50aa 100644 --- a/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl @@ -21,7 +21,7 @@ log { {{- end}} {{- if eq (getenv "SC4S_DEBUG_STDOUT" "yes") "no"}} - #destination(d_stdout); + destination(d_stdout); {{- end}} {{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} 
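Review bot: Commenting out `destination(d_stdout);` inside both `SC4S_DEBUG_STDOUT` guards (the hunk at -21,7 and the one at -56,7) leaves two empty conditionals, so the variable is still read but has no effect and these log paths stop writing to stdout whatever it is set to. That is unrelated to the stated subject, adding programs to the VMware map, and so is the `use-rcptid(yes);` added to the global options in syslog-ng.conf.tmpl, which nothing else in this patch references. Patch 2/2 restores both, so the simplest fix is to drop these three hunks from 1/2 rather than keep a commit in history where the stdout switch is inert. If `use-rcptid(yes);` is wanted later, it should arrive with a comment such as `# assign every received message a unique ${RCPTID}` and the change that consumes it.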
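Review bot: `command: -dvt` replaces `-e` with `-v`, and unlike the other debugging edits in 1/2 it is not reverted by 2/2, so it stays in the test stack after the series. If these flags are passed through to syslog-ng, the container keeps debug and trace output but no longer sends internal messages to stderr, which is where a failing test run would normally be diagnosed. The comment directly above, `#When this is enabled test_common will fail`, also sits over an active line, so it is unclear which setting it warns about. Either restore `command: -det` in the backout or update that comment to say why `-dvt` is the intended setting.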
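Review bot: The two restored guards test `SC4S_DEBUG_STDOUT` in opposite ways and neither says why: the hunk at -21,7 uses `eq (getenv "SC4S_DEBUG_STDOUT" "yes") "no"`, while the hunk at -56,7 uses `eq (getenv "SC4S_DEBUG_STDOUT" "no") "yes"`. As written, the first `destination(d_stdout);` is emitted only when the variable is explicitly `no`, the second only when it is explicitly `yes`, and an unset variable produces neither. The surrounding log path is outside both hunks, so this may be intended. A template comment on each guard, for example `{{- /* stdout copy of <which messages> when SC4S_DEBUG_STDOUT=no */}}`, would tell operators what to expect on the container log.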
@@ -56,7 +56,7 @@ log { }; {{- if eq (getenv "SC4S_DEBUG_STDOUT" "no") "yes"}} - #destination(d_stdout); + destination(d_stdout); {{- end}} }; flags(flow-control,final); diff --git a/package/etc/syslog-ng.conf.tmpl b/package/etc/syslog-ng.conf.tmpl index 7002497..1cd2a87 100644 --- a/package/etc/syslog-ng.conf.tmpl +++ b/package/etc/syslog-ng.conf.tmpl @@ -31,7 +31,6 @@ options { normalize-hostnames(yes); on-error(fallback-to-string); frac-digits(3); - use-rcptid(yes); };