Merge branch 'release/1.0.0'
rfaircloth-splunk committed Oct 16, 2019
2 parents 71f92b0 + 9c283e5 commit 44ed893
Showing 36 changed files with 623 additions and 155 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -16,7 +16,7 @@ Splunk Connect for Syslog (SC4S) is a community project focused on reducing the

## Usage

For full usage instructions, please visit the Splunk Connect for Syslog documentation page.
For full usage instructions, please visit the Splunk Connect for Syslog [documentation pages over at readthedocs](https://splunk-connect-for-syslog.readthedocs.io/en/master/).

## Support

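Review bot: the documentation link on the added README line points at `/en/master/`, so a reader of the 1.0.0 release README lands on whatever master documents at that moment. For a release branch, consider linking a versioned or stable readthedocs path if the project publishes one, and shorten the link text to plain "documentation".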
1 change: 1 addition & 0 deletions docker-compose.yml
Expand Up @@ -29,6 +29,7 @@ services:
RH_ORG: ${RH_ORG}
RH_ACTIVATION: ${RH_ACTIVATION}
hostname: sc4s
command: -det
ports:
- "514:514"
- "601:601"
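Review bot: `command: -det` under `hostname: sc4s` is added with no comment saying what the flags do or why they belong in the compose file merged for release. If they are passed through to syslog-ng as its debug, stderr and trace switches, every start of this service writes verbose internal output to the container log; add a comment stating the intent, or keep the flag out of the default file and document it as a troubleshooting override.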
20 changes: 11 additions & 9 deletions docs/gettingstarted/byoe-rhel7.md
Expand Up @@ -100,15 +100,17 @@ WantedBy=multi-user.target
source scl_source enable rh-python36

cd /opt/syslog-ng
for d in $(find /opt/syslog-ng/etc -type d)
do
echo Templating conf for $d
gomplate \
--input-dir=$d \
--template t=etc/go_templates/ \
--exclude=*.conf --exclude=*.csv --exclude=*.t --exclude=.*\
--output-map="$d/{{ .in | strings.ReplaceAll \".conf.tmpl\" \".conf\" }}"
done
#The following is no longer needed but retained as a comment just in case we run into command line length issues
#for d in $(find /opt/syslog-ng/etc -type d)
#do
# echo Templating conf for $d
# gomplate \
# --input-dir=$d \
# --template t=etc/go_templates/ \
# --exclude=*.conf --exclude=*.csv --exclude=*.t --exclude=.*\
# --output-map="$d/{{ .in | strings.ReplaceAll \".conf.tmpl\" \".conf\" }}"
#done
gomplate $(find . -name *.tmpl | sed -E 's/^(\/.*\/)*(.*)\..*$/--file=\2.tmpl --out=\2/') --template t=etc/go_templates/

mkdir -p /opt/syslog-ng/etc/conf.d/local/context/
mkdir -p /opt/syslog-ng/etc/conf.d/local/config/
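Review bot: in the new one-line `gomplate $(find . -name *.tmpl | sed ...)` call, `*.tmpl` is unquoted, so the shell expands it before `find` runs whenever a `.tmpl` file sits in `/opt/syslog-ng` itself, and the unquoted `$(...)` splits on any whitespace in a path. Quote the pattern (`-name '*.tmpl'`), and since the retained comment already anticipates command-line length limits, say under what condition operators should switch back to the loop. The `(\/.*\/)*` group in the `sed` expression never matches the `./`-prefixed paths that `find .` prints and can be dropped.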
27 changes: 21 additions & 6 deletions docs/gettingstarted/docker-swarm-general.md
Expand Up @@ -5,8 +5,10 @@ Refer to [Getting Started](https://docs.docker.com/get-started/)

# SC4S Configuration

* Create a directory on the server for local configurations. This should be available to all administrators, for example:
* Create a directory on the server for local configurations and disk buffering. This should be available to all
administrators, for example:
``/opt/sc4s/``

* Create a docker-compose.yml file in the directory created above, based on the following template:

```yaml
Expand All @@ -29,23 +31,35 @@ services:
- /opt/sc4s/env_file
volumes:
- /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local
- /opt/sc4s/disk-buffer:/opt/syslog-ng/var/data/disk-buffer
# Uncomment the following line if custom TLS certs are provided
# - /opt/sc4s/tls:/opt/syslog-ng/tls
```

* Create the subdirectory ``/opt/sc4s/local``. This will be used as a mount point for local overrides and configurations (below).
* Create the subdirectory ``/opt/sc4s/local``. This will be used as a mount point for local overrides and configurations.

* NOTE: The empty ``local`` directory created above will populate with templates at the first invocation
* The empty ``local`` directory created above will populate with templates at the first invocation
of SC4S for local configurations and overrides. Changes made to these files will be preserved on subsequent
restarts (i.e. a "no-clobber" copy is performed for any missing files). _Do not_ change the directory structure of
the files that are laid down; change (or add) only individual files if desired. SC4S depends on the directory layout
to read the local configurations properly.

* NOTE: You can back up the contents of this directory elsewhere and return the directory to an empty state
* You can back up the contents of this directory elsewhere and return the directory to an empty state
when a new version of SC4S is released to pick up any new changes provided by Splunk. Upon a restart,
the direcory will populate as it did when you first installed SC4S. Your previous changes can then
be merged back in and will take effect after another restart.

* Create the subdirectory ``/opt/sc4s/disk-buffer``. This will be used as a mount point for local disk buffering
of events in the event of network failure to the Splunk infrastructure.

* This directory will populate with the disk buffer files upon SC4S startup. If SC4S restarts for any reason, a new
set of files will be created in addition to the original ones. _The original ones will not be removed_.
If you are sure, after stopping SC4S, that all data has been sent, these files can be removed. They will be created
again upon restart.

* IMPORTANT: When creating the two directories above, ensure the directories created match the volume mounts specified in the
`docker-compose.yml` file. Failure to do this will cause SC4S to abort at startup.

## Configure the SC4S environment

Create a file named ``/opt/sc4s/env_file`` and add the following environment variables:
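Review bot: the new disk-buffer bullets say a fresh set of buffer files is created on every restart and the old ones are never removed, but leave the operator to judge that "all data has been sent" without saying how to check. Add the check (or the symptom of unsent data) and a sizing note for `/opt/sc4s/disk-buffer`; because this directory holds queued events, the earlier "available to all administrators" wording for `/opt/sc4s/` also deserves a sentence on ownership and permissions.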
Expand Down Expand Up @@ -148,8 +162,9 @@ services:
- /opt/sc4s/env_file
volumes:
- /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local
- /opt/sc4s/disk-buffer:/opt/syslog-ng/var/data/disk-buffer
#Uncomment the following line if custom TLS certs are provided
- /opt/sc4s/tls:/opt/syslog-ng/tls
# - /opt/sc4s/tls:/opt/syslog-ng/tls
```

* Modify the following file ``/opt/sc4s/default/env_file`` to include the port-specific environment variable(s). See the "Sources"
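Review bot: the trailing context line tells readers to modify `/opt/sc4s/default/env_file`, while the compose template in this hunk loads `/opt/sc4s/env_file` and the earlier step creates the file at that path. Align the path while these sections are being edited; the same mismatch is visible in docker-swarm-rhel7.md. The TLS comment is also written `#Uncomment` here and `# Uncomment` in the first template.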
Expand Down Expand Up @@ -222,7 +237,7 @@ docker logs SC4S
```
You should see events similar to those below in the output:
```ini
Oct 1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.22.1'
Oct 1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.24.1'
Oct 1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection accepted; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
Oct 1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection closed; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
```
28 changes: 21 additions & 7 deletions docs/gettingstarted/docker-swarm-rhel7.md
Expand Up @@ -33,8 +33,9 @@ sudo docker swarm init

# SC4S Configuration

* Create a directory on the server for local configurations. This should be available to all administrators, for example:
* Create a directory on the server for local configurations and disk buffering. This should be available to all administrators, for example:
``/opt/sc4s/``

* Create a docker-compose.yml file in the directory created above, based on the following template:

```yaml
Expand All @@ -57,23 +58,35 @@ services:
- /opt/sc4s/env_file
volumes:
- /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local
- /opt/sc4s/disk-buffer:/opt/syslog-ng/var/data/disk-buffer
# Uncomment the following line if custom TLS certs are provided
- /opt/sc4s/tls:/opt/syslog-ng/tls
# - /opt/sc4s/tls:/opt/syslog-ng/tls
```

* Create the subdirectory ``/opt/sc4s/local``. This will be used as a mount point for local overrides and configurations (below).
* Create the subdirectory ``/opt/sc4s/local``. This will be used as a mount point for local overrides and configurations.

* NOTE: The empty ``local`` directory created above will populate with templates at the first invocation
* The empty ``local`` directory created above will populate with templates at the first invocation
of SC4S for local configurations and overrides. Changes made to these files will be preserved on subsequent
restarts (i.e. a "no-clobber" copy is performed for any missing files). _Do not_ change the directory structure of
the files that are laid down; change (or add) only individual files if desired. SC4S depends on the directory layout
to read the local configurations properly.

* NOTE: You can back up the contents of this directory elsewhere and return the directory to an empty state
* You can back up the contents of this directory elsewhere and return the directory to an empty state
when a new version of SC4S is released to pick up any new changes provided by Splunk. Upon a restart,
the direcory will populate as it did when you first installed SC4S. Your previous changes can then
be merged back in and will take effect after another restart.

* Create the subdirectory ``/opt/sc4s/disk-buffer``. This will be used as a mount point for local disk buffering
of events in the event of network failure to the Splunk infrastructure.

* This directory will populate with the disk buffer files upon SC4S startup. If SC4S restarts for any reason, a new
set of files will be created in addition to the original ones. _The original ones will not be removed_.
If you are sure, after stopping SC4S, that all data has been sent, these files can be removed. They will be created
again upon restart.

* IMPORTANT: When creating the two directories above, ensure the directories created match the volume mounts specified in the
`docker-compose.yml` file. Failure to do this will cause SC4S to abort at startup.

## Configure the SC4S environment

Create a file named ``/opt/sc4s/env_file`` and add the following environment variables:
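Review bot: `direcory` in the backup bullet ("the direcory will populate as it did when you first installed SC4S") is still misspelled after this rewrite of the surrounding lines. Fix it to `directory` here and in the identical bullet of the other getting-started pages touched by this commit.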
Expand Down Expand Up @@ -178,8 +191,9 @@ services:
- /opt/sc4s/env_file
volumes:
- /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local
- /opt/sc4s/disk-buffer:/opt/syslog-ng/var/data/disk-buffer
#Uncomment the following line if custom TLS certs are provided
- /opt/sc4s/tls:/opt/syslog-ng/tls
# - /opt/sc4s/tls:/opt/syslog-ng/tls
```

* Modify the following file ``/opt/sc4s/default/env_file`` to include the port-specific environment variable(s). See the "Sources"
Expand Down Expand Up @@ -252,7 +266,7 @@ docker logs SC4S
```
You should see events similar to those below in the output:
```ini
Oct 1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.22.1'
Oct 1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.24.1'
Oct 1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection accepted; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
Oct 1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection closed; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
```
25 changes: 21 additions & 4 deletions docs/gettingstarted/docker-systemd-general.md
Expand Up @@ -20,6 +20,8 @@ Environment="SC4S_IMAGE=splunk/sc4s:latest"

Environment="SC4S_LOCAL_CONFIG_MOUNT=-v /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local"

# Mount point for local disk buffer (required)
Environment="SC4S_LOCAL_DISK_BUFFER_MOUNT=-v /opt/sc4s/disk-buffer:/opt/syslog-ng/var/data/disk-buffer"
# Uncomment the following line if custom TLS certs are provided
# Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls"

Expand All @@ -35,23 +37,35 @@ ExecStartPre=/usr/bin/docker run \
ExecStart=/usr/bin/docker run -p 514:514 -p 514:514/udp \
--env-file=/opt/sc4s/default/env_file \
"$SC4S_LOCAL_CONFIG_MOUNT" \
"$SC4S_LOCAL_DISK_BUFFER_MOUNT" \
--name SC4S --rm \
$SC4S_IMAGE
```

* Create the subdirectory ``/opt/sc4s/local``. This will be used as a mount point for local overrides and configurations (below).
* Create the subdirectory ``/opt/sc4s/local``. This will be used as a mount point for local overrides and configurations.

* NOTE: The empty ``local`` directory created above will populate with templates at the first invocation
* The empty ``local`` directory created above will populate with templates at the first invocation
of SC4S for local configurations and overrides. Changes made to these files will be preserved on subsequent
restarts (i.e. a "no-clobber" copy is performed for any missing files). _Do not_ change the directory structure of
the files that are laid down; change (or add) only individual files if desired. SC4S depends on the directory layout
to read the local configurations properly.

* NOTE: You can back up the contents of this directory elsewhere and return the directory to an empty state
* You can back up the contents of this directory elsewhere and return the directory to an empty state
when a new version of SC4S is released to pick up any new changes provided by Splunk. Upon a restart,
the direcory will populate as it did when you first installed SC4S. Your previous changes can then
be merged back in and will take effect after another restart.

* Create the subdirectory ``/opt/sc4s/disk-buffer``. This will be used as a mount point for local disk buffering
of events in the event of network failure to the Splunk infrastructure.

* This directory will populate with the disk buffer files upon SC4S startup. If SC4S restarts for any reason, a new
set of files will be created in addition to the original ones. _The original ones will not be removed_.
If you are sure, after stopping SC4S, that all data has been sent, these files can be removed. They will be created
again upon restart.

* IMPORTANT: When creating the two directories above, ensure the directories created match the volume mounts specified in the
unit file above. Failure to do this will cause SC4S to abort at startup.

## Configure the SC4S environment

Create a file named ``/opt/sc4s/default/env_file`` and add the following environment variables:
Expand Down Expand Up @@ -134,6 +148,8 @@ Environment="SC4S_IMAGE=splunk/scs:latest"

Environment="SC4S_LOCAL_CONFIG_MOUNT=-v /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local"

# Mount point for local disk buffer (required)
Environment="SC4S_LOCAL_DISK_BUFFER_MOUNT=-v /opt/sc4s/disk-buffer:/opt/syslog-ng/var/data/disk-buffer"
# Uncomment the following line if custom TLS certs are provided
# Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls"

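Review bot: the hunk header context for this second unit still shows `SC4S_IMAGE=splunk/scs:latest`, while the first unit in this file uses `splunk/sc4s:latest`. This commit corrects that name in the first podman unit only; apply the same correction to the second unit here and in podman-systemd-general.md.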
Expand All @@ -148,6 +164,7 @@ ExecStartPre=/usr/bin/docker run \
ExecStart=/usr/bin/docker run -p 514:514 -p 514:514/udp -p 5000-5020:5000-5020 -p 5000-5020:5000-5020/udp \
--env-file=/opt/sc4s/default/env_file \
"$SC4S_LOCAL_CONFIG_MOUNT" \
"$SC4S_LOCAL_DISK_BUFFER_MOUNT" \
--name SC4S \
--rm \
$SC4S_IMAGE
Expand Down Expand Up @@ -233,7 +250,7 @@ docker logs SC4S
```
You should see events similar to those below in the output:
```ini
Oct 1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.22.1'
Oct 1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.24.1'
Oct 1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection accepted; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
Oct 1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection closed; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
```
27 changes: 22 additions & 5 deletions docs/gettingstarted/podman-systemd-general.md
Expand Up @@ -14,12 +14,14 @@ After=network.service
Requires=network.service

[Service]
Environment="SC4S_IMAGE=splunk/scs:latest"
Environment="SC4S_IMAGE=splunk/sc4s:latest"

# Optional mount point for local overrides and configurations; see notes in docs

Environment="SC4S_LOCAL_CONFIG_MOUNT=-v /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local"

# Mount point for local disk buffer (required)
Environment="SC4S_LOCAL_DISK_BUFFER_MOUNT=-v /opt/sc4s/disk-buffer:/opt/syslog-ng/var/data/disk-buffer"
# Uncomment the following line if custom TLS certs are provided
# Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls"

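Review bot: the corrected image reference `splunk/sc4s:latest` still uses a floating tag in documentation merged for release 1.0.0, so the unit resolves to whatever image is current rather than the one these instructions were written against. Consider showing the release tag (or a digest) in `SC4S_IMAGE` and mentioning `latest` only as an option.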
Expand All @@ -35,23 +37,35 @@ ExecStartPre=/usr/bin/podman run \
ExecStart=/usr/bin/podman run -p 514:514 -p 514:514/udp \
--env-file=/opt/sc4s/default/env_file \
"$SC4S_LOCAL_CONFIG_MOUNT" \
"$SC4S_LOCAL_DISK_BUFFER_MOUNT" \
--name SC4S --rm \
$SC4S_IMAGE
```

* Create the subdirectory ``/opt/sc4s/local``. This will be used as a mount point for local overrides and configurations (below).
* Create the subdirectory ``/opt/sc4s/local``. This will be used as a mount point for local overrides and configurations.

* NOTE: The empty ``local`` directory created above will populate with templates at the first invocation
* The empty ``local`` directory created above will populate with templates at the first invocation
of SC4S for local configurations and overrides. Changes made to these files will be preserved on subsequent
restarts (i.e. a "no-clobber" copy is performed for any missing files). _Do not_ change the directory structure of
the files that are laid down; change (or add) only individual files if desired. SC4S depends on the directory layout
to read the local configurations properly.

* NOTE: You can back up the contents of this directory elsewhere and return the directory to an empty state
* You can back up the contents of this directory elsewhere and return the directory to an empty state
when a new version of SC4S is released to pick up any new changes provided by Splunk. Upon a restart,
the direcory will populate as it did when you first installed SC4S. Your previous changes can then
be merged back in and will take effect after another restart.

* Create the subdirectory ``/opt/sc4s/disk-buffer``. This will be used as a mount point for local disk buffering
of events in the event of network failure to the Splunk infrastructure.

* This directory will populate with the disk buffer files upon SC4S startup. If SC4S restarts for any reason, a new
set of files will be created in addition to the original ones. _The original ones will not be removed_.
If you are sure, after stopping SC4S, that all data has been sent, these files can be removed. They will be created
again upon restart.

* IMPORTANT: When creating the two directories above, ensure the directories created match the volume mounts specified in the
unit file above. Failure to do this will cause SC4S to abort at startup.

## Configure the sc4s environment

Create a file named ``/opt/sc4s/default/env_file`` and add the following environment variables:
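Review bot: the IMPORTANT bullet says a mismatch in either of "the two directories above" makes SC4S abort at startup, yet the unit file comments call the local-config mount "Optional" and only the disk-buffer mount "(required)". State which mounts are mandatory in one place and make the comment and the bullet agree; the heading `## Configure the sc4s environment` also uses lowercase where the sibling pages write SC4S.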
Expand Down Expand Up @@ -134,6 +148,8 @@ Environment="SC4S_IMAGE=splunk/scs:latest"

Environment="SC4S_LOCAL_CONFIG_MOUNT=-v /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local"

# Mount point for local disk buffer (required)
Environment="SC4S_LOCAL_DISK_BUFFER_MOUNT=-v /opt/sc4s/disk-buffer:/opt/syslog-ng/var/data/disk-buffer"
# Uncomment the following line if custom TLS certs are provided
# Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls"

Expand All @@ -148,6 +164,7 @@ ExecStartPre=/usr/bin/podman run \
ExecStart=/usr/bin/podman run -p 514:514 -p 514:514/udp -p 5000-5020:5000-5020 -p 5000-5020:5000-5020/udp \
--env-file=/opt/sc4s/default/env_file \
"$SC4S_LOCAL_CONFIG_MOUNT" \
"$SC4S_LOCAL_DISK_BUFFER_MOUNT" \
--name SC4S \
--rm \
$SC4S_IMAGE
Expand Down Expand Up @@ -233,7 +250,7 @@ podman logs SC4S
```
You should see events similar to those below in the output:
```ini
Oct 1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.22.1'
Oct 1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.24.1'
Oct 1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection accepted; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
Oct 1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection closed; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
```