Remove unneeded rewrite(set_rfcnonconformant) function

* syslog_format.conf: Remove unneeded `rewrite(set_rfcnonconformant)` funtction. Source template will set an appropriate syslog format field in every case. * source_network.t: Remove comment `#TODO: #60 Remove this function with enhancement`; code has been updated and/or removed and comment no longer relevant. * source_network.t: Adjust gomplate template for line spacing in conf file output
CSVD · Jan 21, 2020 · 78dda6e · 78dda6e
1 parent c890d6a
commit 78dda6e
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 15 deletions.
diff --git a/package/etc/conf.d/conflib/_common/syslog_format.conf b/package/etc/conf.d/conflib/_common/syslog_format.conf
@@ -7,9 +7,6 @@ filter f_rfc5424_noversion{
 filter f_rfc3164_version{
     message('^(?<SYSLOGMSG>(?<HEADER>(?<PRI><\d{1,3}>)(?<VERSION>[1-9][0-9]?) (?<TIMESTAMP>[A-Za-z]{3} \d\d \d\d:\d\d:\d\d) (?<FROMHOST>[^ ]+) ))');
 };
-rewrite set_rfcnonconformant{
-    set("rfc5424_nonconform" value("fields.sc4s_syslog_format"));
-};
 rewrite set_rfc5424_strict{
     set("rfc5424_strict" value("fields.sc4s_syslog_format"));
 };

diff --git a/package/etc/go_templates/source_network.t b/package/etc/go_templates/source_network.t
@@ -58,41 +58,39 @@ source s_{{ .port_id }} {
             );
 {{- end}}
         };
-        #TODO: #60 Remove this function with enhancement
-        rewrite(set_rfcnonconformant);
-{{- if eq .parser "rfc3164" }}
+{{ if eq .parser "rfc3164" }}
         parser {
             syslog-parser(time-zone({{getenv "SC4S_DEFAULT_TIMEZONE" "GMT"}}) flags(guess-timezone));
         };
         rewrite(set_rfc3164);
-{{- else if eq .parser "rfc3164_version" }}
+{{ else if eq .parser "rfc3164_version" }}
 #       filter(f_rfc3164_version);
         rewrite(set_rfc3164_no_version_string);
         parser {
             syslog-parser(time-zone({{- getenv "SC4S_DEFAULT_TIMEZONE" "GMT"}}) flags(guess-timezone));
         };
         rewrite(set_rfc3164_version);
-{{- else if eq .parser "rfc5424_strict" }}
+{{ else if eq .parser "rfc5424_strict" }}
 #       filter(f_rfc5424_strict);
         parser {
                 syslog-parser(flags(syslog-protocol));
             };
         rewrite(set_rfc5424_strict);
-{{- else if eq .parser "rfc5424_noversion" }}
+{{ else if eq .parser "rfc5424_noversion" }}
 #       filter(f_rfc5424_noversion);
         parser {
                 syslog-parser(flags(syslog-protocol));
             };
         rewrite(set_rfc5424_noversion);
-{{- else if eq .parser "cisco_parser" }}
+{{ else if eq .parser "cisco_parser" }}
         parser {cisco-parser()};
         rewrite(set_cisco_ios);
-{{- else if eq .parser "cisco_meraki_parser" }}
+{{ else if eq .parser "cisco_meraki_parser" }}
         parser (p_cisco_meraki);
         rewrite(set_rfc5424_epochtime);
-{{- else if eq .parser "no_parse" }}
+{{ else if eq .parser "no_parse" }}
         rewrite(set_no_parse);
-{{- else }}
+{{ else }}
         if {
             filter(f_rfc3164_version);
             rewrite(set_rfc3164_no_version_string);
@@ -124,9 +122,8 @@ source s_{{ .port_id }} {
             };
             rewrite(set_rfc3164);
         };
-{{- end }}
+{{ end }}
         rewrite(r_set_splunk_default);
-
         parser {
             vendor_product_by_source();
         };