Merge branch 'develop' into feature/3.27.1

docs/configuration.md

@@ -9,6 +9,7 @@ and variables needed to properly configure SC4S for your environment.
 |----------|---------------|-------------|
 | SPLUNK_HEC_URL | url | URL(s) of the Splunk endpoint, can be a single URL space seperated list |
 | SPLUNK_HEC_TOKEN | string | Splunk HTTP Event Collector Token |
+| SC4S_GLOBAL_DNS_USE | yes or no(default) | use reverse DNS to identify hosts when HOST is not valid in the syslog header |
 
 * NOTE:  Do _not_ configure HEC Acknowledgement when deploying the HEC token on the Splunk side; the underlying syslog-ng http
 destination does not support this feature.  Moreover, HEC Ack would significantly degrade performance for streaming data such as

docs/gettingstarted/podman-systemd-general.md

@@ -19,10 +19,12 @@ to install and run it each time sc4s starts.  It should be available in all RHEL
 <dnf or yum> install conntrack
 ```
 
-After this is done, add the following entry to the unit file (and/or use the command when starting sc4s manually):
+After this is done, add the following entry to the unit file (and/or use the command when starting sc4s manually).
+Note that the space on either side of the semicolon in the `ExecStartPost` entry is _required_ and systemd
+will error out if it is missing.
 
 ```
-ExecStartPost=sleep 2; conntrack -D -p udp
+ExecStartPost=sleep 2 ; conntrack -D -p udp
 ```
 
 This command will delete the old (stale) UDP entries two seconds after the container starts and allow the system to build a new table that
@@ -82,7 +84,7 @@ ExecStart=/usr/bin/podman run -p 514:514 -p 514:514/udp -p 6514:6514 \
         "$SC4S_TLS_DIR" \
         --name SC4S \
         --rm $SC4S_IMAGE
-ExecStartPost=sleep 2; conntrack -D -p udp
+ExecStartPost=sleep 2 ; conntrack -D -p udp
 ```
 
 * Execute the following command to create a local volume that will contain the disk buffer files in the event of a communication

package/Dockerfile

@@ -13,7 +13,7 @@ COPY --from=hairyhenderson/gomplate:v3.5.0 /gomplate /usr/local/bin/gomplate
 
 COPY goss.yaml goss.yaml
 
-COPY etc/syslog-ng.conf /opt/syslog-ng/etc/syslog-ng.conf
+COPY etc/syslog-ng.conf.tmpl /opt/syslog-ng/etc/syslog-ng.conf.tmpl
 COPY etc/conf.d /opt/syslog-ng/etc/conf.d
 COPY etc/go_templates /opt/syslog-ng/etc/go_templates
 COPY etc/context_templates /opt/syslog-ng/etc/context_templates

package/etc/conf.d/conflib/_common/templates.conf

@@ -80,6 +80,7 @@ template t_JSON_5424 {
     template('$(format-json --scope rfc5424
                 --pair PRI="<$PRI>"
                 --key ISODATE
+                --key RAWMSG
                 --exclude DATE
                 --exclude FACILITY
                 --exclude PRIORITY
@@ -95,6 +96,7 @@ template t_JSON_5424_SDATA {
     template('$(format-json --scope rfc5424
                 --pair PRI="<$PRI>"
                 --key ISODATE
+                --key RAWMSG
                 --exclude DATE
                 --exclude HOST
                 --exclude FACILITY

package/etc/syslog-ng.conf → package/etc/syslog-ng.conf.tmpl

@@ -17,12 +17,12 @@ options {
         flush_lines (100);
         time_reopen (10);
         log_fifo_size (10000);
-        chain_hostnames (off);
-        use_dns (no);
+        chain_hostnames (yes);
+        use_dns ({{getenv "SC4S_GLOBAL_DNS_USE" "no"}});
         use_fqdn (no);
-        dns-cache(no);
+        dns-cache({{getenv "SC4S_GLOBAL_DNS_CACHE" "yes"}});
         create_dirs (no);
-        keep-hostname (yes);
+        keep-hostname (no);
         create_dirs(yes);
         dir_perm(0750);
         stats-freq(30);