Refine multiple unique port docs
* Refine multiple unique ports docs; change section it appears in
Mark Bonsack committed May 8, 2020
1 parent 3e7ea24 commit 661a4e4
Showing 2 changed files with 10 additions and 4 deletions.
4 changes: 0 additions & 4 deletions docs/configuration.md
Expand Up @@ -113,10 +113,6 @@ and/or move them to an archival system to avoid exhaustion of disk space.
| SC4S_SOURCE_LISTEN_UDP_SOCKETS | 5 | Number of kernel sockets per active UDP port, which configures multi-threading of the UDP input buffer in the kernel to prevent packet loss. Total UDP input buffer is the multiple of SC4S_SOURCE_LISTEN_UDP_SOCKETS * SC4S_SOURCE_UDP_SO_RCVBUFF |
| SC4S_SOURCE_STORE_RAWMSG | undefined or "no" | Store unprocessed "on the wire" raw message in the RAWMSG macro for use with the "fallback" sourcetype. Do _not_ set this in production; substantial memory and disk overhead will result. Use for log path/filter development only. |

### Multiple listening ports for the same source

SC4S supports multiple network listening ports useful for a narrow set of compliance use cases. When configuring a source port variable use a comma ',' separated list with no spaces.

## Syslog Source TLS Certificate Configuration

* Create a folder ``/opt/sc4s/tls`` if not already done as part of the "getting started" process.
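
Review bot: Removing the "### Multiple listening ports for the same source" section from docs/configuration.md leaves no pointer behind, so any existing link to that heading's anchor breaks and a reader of the configuration page no longer learns that a source port variable accepts a list. Consider keeping a one-line cross-reference at this spot to the "Unique listening ports" section in docs/sources/index.md. The row for SC4S_SOURCE_LISTEN_UDP_SOCKETS just above describes sockets "per active UDP port", so it is also worth noting there that each entry in a port list counts as another active port.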
10 changes: 10 additions & 0 deletions docs/sources/index.md
Expand Up @@ -19,3 +19,13 @@ A key aspect of SC4S is to properly set Splunk metadata prior to the data arrivi

It is understood that default values will need to be changed in many installations. Each source documented in this section has a table entitled "Sourcetype and Index Configuration", which highlights the default index and sourcetype for each source. See the section "SC4S metadata configuration" in the "Configuration" page for more information on how to override the default values in this table.

## Unique listening ports

SC4S supports unique listening ports for each source technology/log path (e.g. Cisco ASA), which is useful when the device is
sending data on a port different from the typical default syslog port (UDP port 514). In some cases, when the source device emits data that
is not able to be distinguished from other device types, a unique port is sometimes required. The specific environment variables used for
setting "unique ports" are outlined in each source document in this section.

In most cases only one "unique port" is needed for each source. However, SC4S also supports multiple network listening ports per source,
which can be useful for a narrow set of compliance use cases. When configuring a source port variable to enable multiple ports, use a
comma-separated list with no spaces (e.g. `SC4S_LISTEN_CISCO_ASA_UDP_PORT=5005,6005`).
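
Review bot: The second added paragraph documents the list form only through a UDP variable (`SC4S_LISTEN_CISCO_ASA_UDP_PORT=5005,6005`) and does not say whether the same syntax applies to the port variables for other protocols, nor what happens when the list contains a space. State both, since a list that is silently ignored would leave a device's traffic unreceived without any visible error. Because the feature is described as serving compliance use cases, add a sentence that every extra entry is one more open listener that has to be allowed through the host firewall and tracked. In the first added paragraph, "In some cases ... a unique port is sometimes required" says the same thing twice; drop "sometimes".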
