Skip to content

Commit

Permalink
Fix feature flag
Browse files Browse the repository at this point in the history
  • Loading branch information
rfaircloth-splunk committed Dec 13, 2019
1 parent 1f02296 commit 3df2bce
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 9 deletions.
2 changes: 1 addition & 1 deletion docs/sources/Symantec/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ MSG Parse: This filter parses message content
|----------------|----------------|----------------|
| SC4S_LISTEN_SYMANTEC_BRIGHTMAIL_TCP_PORT | empty string | Enable a TCP port for this specific vendor product using the number defined |
| SC4S_LISTEN_SYMANTEC_BRIGHTMAIL_UDP_PORT | empty string | Enable a UDP port for this specific vendor product using the number defined |
| SC4S_ARCHIVE_SYMANTEC_PROXY | no | Enable archive to disk for this specific source |
| SC4S_ARCHIVE_SYMANTEC_BRIGHTMAIL | no | Enable archive to disk for this specific source |
| SC4S_DEST_SYMANTEC_BRIGHTMAIL_HEC | no | When Splunk HEC is disabled globally set to yes to enable this specific source |
| SC4S_SOURCE_FF_SYMANTEC_BRIGHTMAIL_GROUPMSG | yes | Email processing events generated by the bmserver process will be grouped by host+program+pid+msg ID into a single event |
### Verification
Expand Down
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if ((getenv "SC4S_SOURCE_FF_SYMANTEC_BRIGHTMAIL_GROUPMSG" "yes") | conv.ToBool)
filter f_symantec_brightmail_complete{
match("yes", value("SMG.COMPLETE") type(glob));
};
Expand All @@ -13,12 +14,12 @@ parser symantec_brightmail_grouping {
key("${SMG.seq}")
timeout(2)
aggregate(
value("MESSAGE" ";CONTEXT|${PID};${SMG.seq}|$(implode ';' $(context-values ${MESSAGE}))")
value("MESSAGE" "${PID}|${SMG.seq}|$(implode ';' $(context-values ${MESSAGE}))")
value("SMG.COMPLETE" "yes")
)
);
};

{{- end }}

{{ $context := dict "port_id" "SYMANTEC_BRIGHTMAIL" "parser" "common" }}
{{ tmpl.Exec "t/source_network.t" $context }}
Expand All @@ -35,12 +36,11 @@ log {
{{- end }}

{{- if ((getenv "SC4S_SOURCE_FF_SYMANTEC_BRIGHTMAIL_GROUPMSG" "yes") | conv.ToBool)

if {
filter(f_symantec_brightmail_details);

filter(f_symantec_brightmail_details);
parser(symantec_brightmail_grouping);
{{- end}}

if {
filter(f_symantec_brightmail_complete);

Expand Down Expand Up @@ -77,7 +77,8 @@ log {

};
} else {
{{- end}}
{{- end }}

rewrite {
set("symantec_brightmail", value("fields.sc4s_vendor_product"));
};
Expand Down Expand Up @@ -108,9 +109,7 @@ log {
{{- if (getenv "SC4S_ARCHIVE_GLOBAL") or (getenv "SC4S_ARCHIVE_SYMANTEC_BRIGHTMAIL") }}
destination(d_archive);
{{- end}}

{{- if ((getenv "SC4S_SOURCE_FF_SYMANTEC_BRIGHTMAIL_GROUPMSG" "yes") | conv.ToBool)

};
{{- end}}

Expand Down

0 comments on commit 3df2bce

Please sign in to comment.