From 368f9d177117e3c155e74d56297b12168eb72f5b Mon Sep 17 00:00:00 2001 
From: Mark Bonsack Date: Mon, 24 Feb 2020 08:24:42 -0800 Subject: [PATCH] Add alternate destination support * Add global and source-specific alternate destination support to all log paths --- docs/configuration.md | 17 +++++++++++++++++ .../log_paths/lp-checkpoint_splunk.conf.tmpl | 10 +++++++++- .../etc/conf.d/log_paths/lp-cisco_acs.conf.tmpl | 10 +++++++++- .../conf.d/log_paths/lp-cisco_apic.conf.tmpl | 8 ++++++++ .../etc/conf.d/log_paths/lp-cisco_asa.conf.tmpl | 8 ++++++++ .../log_paths/lp-cisco_asa_legacy.conf.tmpl | 8 ++++++++ .../etc/conf.d/log_paths/lp-cisco_ios.conf.tmpl | 8 ++++++++ .../etc/conf.d/log_paths/lp-cisco_ise.conf.tmpl | 8 ++++++++ .../conf.d/log_paths/lp-cisco_meraki.conf.tmpl | 8 ++++++++ .../conf.d/log_paths/lp-cisco_nxos.conf.tmpl | 8 ++++++++ .../etc/conf.d/log_paths/lp-cisco_ucm.conf.tmpl | 8 ++++++++ .../log_paths/lp-citrix-netscaler.conf.tmpl | 8 ++++++++ .../log_paths/lp-common_event_format.conf.tmpl | 8 ++++++++ .../lp-forcepoint_webprotect.conf.tmpl | 8 ++++++++ .../etc/conf.d/log_paths/lp-fortinet.conf.tmpl | 8 ++++++++ .../etc/conf.d/log_paths/lp-infoblox.conf.tmpl | 8 ++++++++ .../conf.d/log_paths/lp-juniper_idp.conf.tmpl | 8 ++++++++ .../conf.d/log_paths/lp-juniper_junos.conf.tmpl | 8 ++++++++ .../lp-juniper_junos_structured.conf.tmpl | 8 ++++++++ .../log_paths/lp-juniper_netscreen.conf.tmpl | 10 +++++++++- .../conf.d/log_paths/lp-juniper_nsm.conf.tmpl | 8 ++++++++ .../log_paths/lp-juniper_nsm_idp.conf.tmpl | 8 ++++++++ .../log_paths/lp-paloalto_panos.conf.tmpl | 8 ++++++++ .../etc/conf.d/log_paths/lp-pfsense.conf.tmpl | 8 ++++++++ .../log_paths/lp-proofpoint_pps.conf.tmpl | 8 ++++++++ .../conf.d/log_paths/lp-sc4s_internal.conf.tmpl | 8 ++++++++ .../conf.d/log_paths/lp-sc4s_startup.conf.tmpl | 8 ++++++++ .../log_paths/lp-symantec_brightmail.conf.tmpl | 8 ++++++++ .../log_paths/lp-symantec_proxy.conf.tmpl | 8 ++++++++ .../log_paths/lp-ubiquiti_unifi.conf.tmpl | 10 +++++++++- .../log_paths/lp-vmware_vsphere.conf.tmpl | 8 ++++++++ 
.../conf.d/log_paths/lp-zscaler_nss.conf.tmpl | 8 ++++++++ .../log_paths/lp-zzy-nix_syslog.conf.tmpl | 8 ++++++++ .../conf.d/log_paths/lp-zzz-fallback.conf.tmpl | 10 +++++++++- 34 files changed, 286 insertions(+), 5 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index 9860a3c..00908f7 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -26,6 +26,23 @@ syslog. | SC4S_DEST_SPLUNK_HEC_TLS_VERIFY | yes(default) or no | verify HTTP(s) certificate | | SC4S_DEST_SPLUNK_HEC_WORKERS | numeric | Number of destination workers (threads). Set this to the number of HEC endpoints up to a max of 32. | +## Alternate Destination Configuration + +Alternate destinations other than HEC can be configured in SC4S. Global and/or source-specific forms of the +variables below can be used to send data to alternate destinations. + +* NOTE: The administrator is responsible for ensuring that the alternate destinations are configured in the +local mount tree, and that syslog-ng properly parses them. + +* NOTE: Do not include `d_hec` in any list of alternate destinations. The configuration of the default HEC destination is configured +separately from that of the alternates below. + + +| Variable | Values | Description | +|----------|---------------|-------------| +| SC4S_DEST_GLOBAL_ALTERNATES | Comma or space-separated list of syslog-ng destinations | Send all sources to alternate destinations | +| SC4S_DEST_\_ALTERNATES | Comma or space-separated list of syslog-ng destiinations | Send specific sources to alternate syslog-ng destinations, e.g. SC4S_DEST_CISCO_ASA_ALTERNATES | + ## SC4S Disk Buffer Configuration Disk buffers in SC4S are allocated _per destination_. In the future as more destinations are supported, a separate list of variables diff --git a/package/etc/conf.d/log_paths/lp-checkpoint_splunk.conf.tmpl b/package/etc/conf.d/log_paths/lp-checkpoint_splunk.conf.tmpl index bddcbd3..ed34f40 100644 
--- a/package/etc/conf.d/log_paths/lp-checkpoint_splunk.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-checkpoint_splunk.conf.tmpl @@ -88,5 +88,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CHECKPOINT_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CHECKPOINT_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); -}; \ No newline at end of file +}; diff --git a/package/etc/conf.d/log_paths/lp-cisco_acs.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_acs.conf.tmpl index 817df0a..ff1109a 100644 --- a/package/etc/conf.d/log_paths/lp-cisco_acs.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-cisco_acs.conf.tmpl @@ -87,7 +87,15 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CISCO_ACS_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CISCO_ACS_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; -}; \ No newline at end of file +}; diff --git a/package/etc/conf.d/log_paths/lp-cisco_apic.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_apic.conf.tmpl index cd3d9f9..64c123b 100644 --- a/package/etc/conf.d/log_paths/lp-cisco_apic.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-cisco_apic.conf.tmpl 
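Review bot: The value of `SC4S_DEST_GLOBAL_ALTERNATES` (and of `SC4S_DEST_CHECKPOINT_ALTERNATES` below it) is written into the generated syslog-ng configuration without validation. In the added `regexp.ReplaceLiteral` pipeline a leading or trailing separator yields an empty `destination();`, and any `)`, `;` or `{` in the value becomes configuration text. A trailing comma is an easy mistake, and the likely result is a log path that syslog-ng refuses to load, which means lost collection for that source. Emitting one statement per identifier-shaped token avoids both, for example `{{- range (getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.FindAll "[A-Za-z0-9_]+" -1) }}` followed by `destination({{ . }});` and `{{- end }}`, assuming the gomplate version in use provides `regexp.FindAll` and destination names stay within that character class. The same two blocks are repeated in every other log-path template in this patch.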
@@ -52,5 +52,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CISCO_APIC_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CISCO_APIC_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-cisco_asa.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_asa.conf.tmpl index 9045821..76c8a8b 100644 --- a/package/etc/conf.d/log_paths/lp-cisco_asa.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-cisco_asa.conf.tmpl @@ -37,5 +37,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CISCO_ASA_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CISCO_ASA_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-cisco_asa_legacy.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_asa_legacy.conf.tmpl index a8bf9c5..f29a551 100644 --- a/package/etc/conf.d/log_paths/lp-cisco_asa_legacy.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-cisco_asa_legacy.conf.tmpl 
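Review bot: Nothing in the two added blocks of lp-cisco_apic stops a destination from being emitted twice in this log path. A name listed in both `SC4S_DEST_GLOBAL_ALTERNATES` and `SC4S_DEST_CISCO_APIC_ALTERNATES`, or a built-in name such as `d_hec` or `d_archive` listed in either, produces a second `destination(...)` statement (only `destination(d_archive);` is visible in this hunk's context). The documentation added by this commit asks administrators not to list `d_hec`, but the template does not enforce it, and repeated statements presumably mean duplicate events downstream. Consider merging the two lists and dropping repeats and built-in names before emitting, or at least add a template comment such as `{{- /* alternates must not repeat d_hec, d_archive or each other */ -}}`. This applies equally to the other log-path hunks, and the enclosing `log { ... }` block starts outside the hunk.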
@@ -41,5 +41,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CISCO_ASA_LEGACY_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CISCO_ASA_LEGACY_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-cisco_ios.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_ios.conf.tmpl index 80aae01..89186e2 100644 --- a/package/etc/conf.d/log_paths/lp-cisco_ios.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-cisco_ios.conf.tmpl @@ -37,5 +37,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CISCO_IOS_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CISCO_IOS_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-cisco_ise.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_ise.conf.tmpl index 9a5bf0f..a7d47e1 100644 --- a/package/etc/conf.d/log_paths/lp-cisco_ise.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-cisco_ise.conf.tmpl 
@@ -89,6 +89,14 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CISCO_ISE_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CISCO_ISE_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-cisco_meraki.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_meraki.conf.tmpl index c0f37ce..3822ee6 100644 --- a/package/etc/conf.d/log_paths/lp-cisco_meraki.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-cisco_meraki.conf.tmpl @@ -37,5 +37,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CISCO_MERAKI_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CISCO_MERAKI_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-cisco_nxos.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_nxos.conf.tmpl index 8bf2d2b..ed387d2 100644 --- a/package/etc/conf.d/log_paths/lp-cisco_nxos.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-cisco_nxos.conf.tmpl 
@@ -38,5 +38,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CISCO_NXOS_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CISCO_NXOS_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-cisco_ucm.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_ucm.conf.tmpl index e0823cf..61d0274 100644 --- a/package/etc/conf.d/log_paths/lp-cisco_ucm.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-cisco_ucm.conf.tmpl @@ -58,5 +58,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CISCO_UCM_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CISCO_UCM_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-citrix-netscaler.conf.tmpl b/package/etc/conf.d/log_paths/lp-citrix-netscaler.conf.tmpl index ed11613..ed6f197 100644 --- a/package/etc/conf.d/log_paths/lp-citrix-netscaler.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-citrix-netscaler.conf.tmpl 
@@ -37,5 +37,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CITRIX_NETSCALER_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CITRIX_NETSCALER_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl b/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl index 5c25810..0b6b320 100644 --- a/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl @@ -97,5 +97,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_CEF_ALTERNATES")) }} + {{ getenv "SC4S_DEST_CEF_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-forcepoint_webprotect.conf.tmpl b/package/etc/conf.d/log_paths/lp-forcepoint_webprotect.conf.tmpl index 3b55bfa..40c072f 100644 --- a/package/etc/conf.d/log_paths/lp-forcepoint_webprotect.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-forcepoint_webprotect.conf.tmpl 
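Review bot: The source-specific variable in the lp-common_event_format hunk is `SC4S_DEST_CEF_ALTERNATES`, which an administrator cannot derive from the file name or from the single `SC4S_DEST_CISCO_ASA_ALTERNATES` example in the documentation hunk. A mistyped or guessed name is silently ignored because `getenv` returns an empty string, so events intended for the alternate destination never reach it and nothing reports the problem. Other hunks have the same gap: `SC4S_DEST_CHECKPOINT_ALTERNATES` (lp-checkpoint_splunk), `SC4S_DEST_JUNOS_STRUCTURED_ALTERNATES` (lp-juniper_junos_structured, whose siblings use a `JUNIPER_` prefix), `SC4S_DEST_NIX_SYSLOG_ALTERNATES`, `SC4S_DEST_FALLBACK_ALTERNATES`, and `SC4S_DEST_INTERNAL_EVENTS_ALTERNATES`, which lp-sc4s_internal and lp-sc4s_startup share. I would list the exact variable name per source in docs/configuration.md, or put a comment like `# alternates: SC4S_DEST_CEF_ALTERNATES` above each block; the names may mirror existing per-source HEC variables that these hunks do not show.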
@@ -38,5 +38,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_FORCEPOINT_WEBPROTECT_ALTERNATES")) }} + {{ getenv "SC4S_DEST_FORCEPOINT_WEBPROTECT_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-fortinet.conf.tmpl b/package/etc/conf.d/log_paths/lp-fortinet.conf.tmpl index 7435657..045dbe4 100644 --- a/package/etc/conf.d/log_paths/lp-fortinet.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-fortinet.conf.tmpl @@ -114,5 +114,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_FORTINET_ALTERNATES")) }} + {{ getenv "SC4S_DEST_FORTINET_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl b/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl index 8b40188..40318ae 100644 --- a/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl 
@@ -70,5 +70,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_INFOBLOX_ALTERNATES")) }} + {{ getenv "SC4S_DEST_INFOBLOX_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-juniper_idp.conf.tmpl b/package/etc/conf.d/log_paths/lp-juniper_idp.conf.tmpl index 436963a..969c250 100644 --- a/package/etc/conf.d/log_paths/lp-juniper_idp.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-juniper_idp.conf.tmpl @@ -37,5 +37,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_JUNIPER_IDP_ALTERNATES")) }} + {{ getenv "SC4S_DEST_JUNIPER_IDP_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-juniper_junos.conf.tmpl b/package/etc/conf.d/log_paths/lp-juniper_junos.conf.tmpl index 05d7e5d..c5a2786 100644 --- a/package/etc/conf.d/log_paths/lp-juniper_junos.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-juniper_junos.conf.tmpl 
@@ -56,5 +56,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_JUNIPER_JUNOS_ALTERNATES")) }} + {{ getenv "SC4S_DEST_JUNIPER_JUNOS_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-juniper_junos_structured.conf.tmpl b/package/etc/conf.d/log_paths/lp-juniper_junos_structured.conf.tmpl index d5ae714..e42756a 100644 --- a/package/etc/conf.d/log_paths/lp-juniper_junos_structured.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-juniper_junos_structured.conf.tmpl @@ -64,5 +64,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_JUNOS_STRUCTURED_ALTERNATES")) }} + {{ getenv "SC4S_DEST_JUNOS_STRUCTURED_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-juniper_netscreen.conf.tmpl b/package/etc/conf.d/log_paths/lp-juniper_netscreen.conf.tmpl index 74c40b0..49cdbb9 100644 --- a/package/etc/conf.d/log_paths/lp-juniper_netscreen.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-juniper_netscreen.conf.tmpl 
@@ -36,5 +36,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_JUNIPER_NETSCREEN_ALTERNATES")) }} + {{ getenv "SC4S_DEST_JUNIPER_NETSCREEN_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); -}; \ No newline at end of file +}; diff --git a/package/etc/conf.d/log_paths/lp-juniper_nsm.conf.tmpl b/package/etc/conf.d/log_paths/lp-juniper_nsm.conf.tmpl index 650b7c9..9ac7cfd 100644 --- a/package/etc/conf.d/log_paths/lp-juniper_nsm.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-juniper_nsm.conf.tmpl @@ -37,5 +37,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_JUNIPER_NSM_ALTERNATES")) }} + {{ getenv "SC4S_DEST_JUNIPER_NSM_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-juniper_nsm_idp.conf.tmpl b/package/etc/conf.d/log_paths/lp-juniper_nsm_idp.conf.tmpl index e76fb0a..e9f58e0 100644 --- a/package/etc/conf.d/log_paths/lp-juniper_nsm_idp.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-juniper_nsm_idp.conf.tmpl 
@@ -36,5 +36,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_JUNIPER_NSM_IDP_ALTERNATES")) }} + {{ getenv "SC4S_DEST_JUNIPER_NSM_IDP_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-paloalto_panos.conf.tmpl b/package/etc/conf.d/log_paths/lp-paloalto_panos.conf.tmpl index f115db2..2f9cd3d 100644 --- a/package/etc/conf.d/log_paths/lp-paloalto_panos.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-paloalto_panos.conf.tmpl @@ -93,5 +93,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_PALOALTO_PANOS_ALTERNATES")) }} + {{ getenv "SC4S_DEST_PALOALTO_PANOS_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-pfsense.conf.tmpl b/package/etc/conf.d/log_paths/lp-pfsense.conf.tmpl index b9ea159..293f428 100644 --- a/package/etc/conf.d/log_paths/lp-pfsense.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-pfsense.conf.tmpl 
@@ -54,5 +54,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_PFSENSE_ALTERNATES")) }} + {{ getenv "SC4S_DEST_PFSENSE_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-proofpoint_pps.conf.tmpl b/package/etc/conf.d/log_paths/lp-proofpoint_pps.conf.tmpl index dc911ec..8881d4c 100644 --- a/package/etc/conf.d/log_paths/lp-proofpoint_pps.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-proofpoint_pps.conf.tmpl @@ -44,5 +44,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_PROOFPOINT_PPS_ALTERNATES")) }} + {{ getenv "SC4S_DEST_PROOFPOINT_PPS_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl b/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl index 0756b20..9dc43ae 100644 --- a/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl 
@@ -33,6 +33,14 @@ log { destination(d_stdout); {{- end}} + {{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); + {{- end }} + + {{- if (print (getenv "SC4S_DEST_INTERNAL_EVENTS_ALTERNATES")) }} + {{ getenv "SC4S_DEST_INTERNAL_EVENTS_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); + {{- end }} + }; flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-sc4s_startup.conf.tmpl b/package/etc/conf.d/log_paths/lp-sc4s_startup.conf.tmpl index c6607be..ab4c5c7 100644 --- a/package/etc/conf.d/log_paths/lp-sc4s_startup.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-sc4s_startup.conf.tmpl @@ -30,5 +30,13 @@ log { destination(d_stdout); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_INTERNAL_EVENTS_ALTERNATES")) }} + {{ getenv "SC4S_DEST_INTERNAL_EVENTS_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-symantec_brightmail.conf.tmpl b/package/etc/conf.d/log_paths/lp-symantec_brightmail.conf.tmpl index 8ae5329..baa48a9 100644 --- a/package/etc/conf.d/log_paths/lp-symantec_brightmail.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-symantec_brightmail.conf.tmpl 
@@ -93,5 +93,13 @@ log { }; {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_SYMANTEC_BRIGHTMAIL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_SYMANTEC_BRIGHTMAIL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-symantec_proxy.conf.tmpl b/package/etc/conf.d/log_paths/lp-symantec_proxy.conf.tmpl index cc3524d..8d5b475 100644 --- a/package/etc/conf.d/log_paths/lp-symantec_proxy.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-symantec_proxy.conf.tmpl @@ -38,5 +38,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_SYMANTEC_PROXY_ALTERNATES")) }} + {{ getenv "SC4S_DEST_SYMANTEC_PROXY_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-ubiquiti_unifi.conf.tmpl b/package/etc/conf.d/log_paths/lp-ubiquiti_unifi.conf.tmpl index cee88ad..bccf149 100644 --- a/package/etc/conf.d/log_paths/lp-ubiquiti_unifi.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-ubiquiti_unifi.conf.tmpl 
@@ -116,7 +116,7 @@ log { rewrite { set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG")); }; -{{- if or (conv.ToBool (getenv "SC4S_DEST_SPLUNK_HEC_GLOBAL" "yes")) (conv.ToBool (getenv "SC4S_DEST_PROOFPOINT_UBIQUITI_UNIFI_HEC" "no")) }} +{{- if or (conv.ToBool (getenv "SC4S_DEST_SPLUNK_HEC_GLOBAL" "yes")) (conv.ToBool (getenv "SC4S_DEST_UBIQUITI_UNIFI_HEC" "no")) }} destination(d_hec); {{- end}} @@ -124,5 +124,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_UBIQUITI_UNIFI_ALTERNATES")) }} + {{ getenv "SC4S_DEST_UBIQUITI_UNIFI_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-vmware_vsphere.conf.tmpl b/package/etc/conf.d/log_paths/lp-vmware_vsphere.conf.tmpl index 877eb18..13b77b5 100644 --- a/package/etc/conf.d/log_paths/lp-vmware_vsphere.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-vmware_vsphere.conf.tmpl @@ -97,5 +97,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_VMWARE_VSPHERE_ALTERNATES")) }} + {{ getenv "SC4S_DEST_VMWARE_VSPHERE_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-zscaler_nss.conf.tmpl b/package/etc/conf.d/log_paths/lp-zscaler_nss.conf.tmpl index 3959dc2..c1c57e3 100644 --- a/package/etc/conf.d/log_paths/lp-zscaler_nss.conf.tmpl 
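Review bot: The first hunk of lp-ubiquiti_unifi renames the per-source HEC switch from `SC4S_DEST_PROOFPOINT_UBIQUITI_UNIFI_HEC` to `SC4S_DEST_UBIQUITI_UNIFI_HEC`, a behaviour change the commit message does not mention. A deployment that sets `SC4S_DEST_SPLUNK_HEC_GLOBAL` to `no` and enabled UniFi through the old name would stop sending these events to `d_hec` after upgrading, with no warning. Either accept both names for a transition period, for example by adding `(conv.ToBool (getenv "SC4S_DEST_PROOFPOINT_UBIQUITI_UNIFI_HEC" "no"))` as a third operand of the `or`, or call the rename out in the release notes.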
+++ b/package/etc/conf.d/log_paths/lp-zscaler_nss.conf.tmpl @@ -78,5 +78,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_ZSCALER_NSS_ALTERNATES")) }} + {{ getenv "SC4S_DEST_ZSCALER_NSS_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-zzy-nix_syslog.conf.tmpl b/package/etc/conf.d/log_paths/lp-zzy-nix_syslog.conf.tmpl index be65104..9b9f848 100644 --- a/package/etc/conf.d/log_paths/lp-zzy-nix_syslog.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-zzy-nix_syslog.conf.tmpl @@ -40,5 +40,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_NIX_SYSLOG_ALTERNATES")) }} + {{ getenv "SC4S_DEST_NIX_SYSLOG_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,final); }; diff --git a/package/etc/conf.d/log_paths/lp-zzz-fallback.conf.tmpl b/package/etc/conf.d/log_paths/lp-zzz-fallback.conf.tmpl index 1298c67..a3a33d9 100644 --- a/package/etc/conf.d/log_paths/lp-zzz-fallback.conf.tmpl +++ b/package/etc/conf.d/log_paths/lp-zzz-fallback.conf.tmpl 
@@ -28,5 +28,13 @@ log { destination(d_archive); {{- end}} +{{- if (print (getenv "SC4S_DEST_GLOBAL_ALTERNATES")) }} + {{ getenv "SC4S_DEST_GLOBAL_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + +{{- if (print (getenv "SC4S_DEST_FALLBACK_ALTERNATES")) }} + {{ getenv "SC4S_DEST_FALLBACK_ALTERNATES" | regexp.ReplaceLiteral "^" "destination(" | regexp.ReplaceLiteral "[, ]+" ");\n destination(" }}); +{{- end }} + flags(flow-control,fallback); -}; \ No newline at end of file +};