From 78dda6e514597da59694ec4ea4ea86c55239c2e0 Mon Sep 17 00:00:00 2001
From: Mark Bonsack <mbonsack@splunk.com>
Date: Mon, 20 Jan 2020 22:37:30 -0800
Subject: [PATCH] Remove unneeded `rewrite(set_rfcnonconformant)` function

* syslog_format.conf: Remove unneeded `rewrite(set_rfcnonconformant)` funtction.  Source template will set an appropriate syslog format field in every case.
* source_network.t:  Remove comment `#TODO: #60 Remove this function with enhancement`; code has been updated and/or removed  and comment no longer relevant.
* source_network.t: Adjust gomplate template for line spacing in conf file output
---
 .../conf.d/conflib/_common/syslog_format.conf |  3 ---
 package/etc/go_templates/source_network.t     | 21 ++++++++-----------
 2 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/package/etc/conf.d/conflib/_common/syslog_format.conf b/package/etc/conf.d/conflib/_common/syslog_format.conf
index 0c9fc2f..b461e0e 100644
--- a/package/etc/conf.d/conflib/_common/syslog_format.conf
+++ b/package/etc/conf.d/conflib/_common/syslog_format.conf
@@ -7,9 +7,6 @@ filter f_rfc5424_noversion{
 filter f_rfc3164_version{
     message('^(?<SYSLOGMSG>(?<HEADER>(?<PRI><\d{1,3}>)(?<VERSION>[1-9][0-9]?) (?<TIMESTAMP>[A-Za-z]{3} \d\d \d\d:\d\d:\d\d) (?<FROMHOST>[^ ]+) ))');
 };
-rewrite set_rfcnonconformant{
-    set("rfc5424_nonconform" value("fields.sc4s_syslog_format"));
-};
 rewrite set_rfc5424_strict{
     set("rfc5424_strict" value("fields.sc4s_syslog_format"));
 };
diff --git a/package/etc/go_templates/source_network.t b/package/etc/go_templates/source_network.t
index 6b54feb..480130a 100644
--- a/package/etc/go_templates/source_network.t
+++ b/package/etc/go_templates/source_network.t
@@ -58,41 +58,39 @@ source s_{{ .port_id }} {
             );
 {{- end}}
         };
-        #TODO: #60 Remove this function with enhancement
-        rewrite(set_rfcnonconformant);
-{{- if eq .parser "rfc3164" }}
+{{ if eq .parser "rfc3164" }}
         parser {
             syslog-parser(time-zone({{getenv "SC4S_DEFAULT_TIMEZONE" "GMT"}}) flags(guess-timezone));
         };
         rewrite(set_rfc3164);
-{{- else if eq .parser "rfc3164_version" }}
+{{ else if eq .parser "rfc3164_version" }}
 #       filter(f_rfc3164_version);
         rewrite(set_rfc3164_no_version_string);
         parser {
             syslog-parser(time-zone({{- getenv "SC4S_DEFAULT_TIMEZONE" "GMT"}}) flags(guess-timezone));
         };
         rewrite(set_rfc3164_version);
-{{- else if eq .parser "rfc5424_strict" }}
+{{ else if eq .parser "rfc5424_strict" }}
 #       filter(f_rfc5424_strict);
         parser {
                 syslog-parser(flags(syslog-protocol));
             };
         rewrite(set_rfc5424_strict);
-{{- else if eq .parser "rfc5424_noversion" }}
+{{ else if eq .parser "rfc5424_noversion" }}
 #       filter(f_rfc5424_noversion);
         parser {
                 syslog-parser(flags(syslog-protocol));
             };
         rewrite(set_rfc5424_noversion);
-{{- else if eq .parser "cisco_parser" }}
+{{ else if eq .parser "cisco_parser" }}
         parser {cisco-parser()};
         rewrite(set_cisco_ios);
-{{- else if eq .parser "cisco_meraki_parser" }}
+{{ else if eq .parser "cisco_meraki_parser" }}
         parser (p_cisco_meraki);
         rewrite(set_rfc5424_epochtime);
-{{- else if eq .parser "no_parse" }}
+{{ else if eq .parser "no_parse" }}
         rewrite(set_no_parse);
-{{- else }}
+{{ else }}
         if {
             filter(f_rfc3164_version);
             rewrite(set_rfc3164_no_version_string);
@@ -124,9 +122,8 @@ source s_{{ .port_id }} {
             };
             rewrite(set_rfc3164);
         };
-{{- end }}
+{{ end }}
         rewrite(r_set_splunk_default);
-
         parser {
             vendor_product_by_source();
         };