From 238305c3abe60723303929fcfcdbeb76821eb025 Mon Sep 17 00:00:00 2001 From: rfaircloth-splunk Date: Sat, 13 Jun 2020 20:05:37 -0400 Subject: [PATCH 1/3] Add SC4S_DEBUG_CONTAINER to prevent container exit on startup error --- docs/troubleshooting.md | 2 ++ package/sbin/entrypoint.sh | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 1146ee7..46cbc4f 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -92,6 +92,8 @@ and navigate to `/opt/syslog-ng/etc/` to see the actual config files in use. If itself, you can also modify files directly and reload syslog-ng with the command `kill -1 1` in the container. This is an advanced topic and futher help can be obtained via the github issue tracker and Slack channels. +When debugging a configuration syntax issue at startup the container must remain running. This can be enabled by adding `SC4S_DEBUG_CONTAINER=yes` to the `env_file` + ## Run the container with a null entrypoint (Advanced!) You can run the container without the usual entrypoint shell script by executing this command (modified to suit your environment): diff --git a/package/sbin/entrypoint.sh b/package/sbin/entrypoint.sh index 58eef70..435d2ff 100755 --- a/package/sbin/entrypoint.sh +++ b/package/sbin/entrypoint.sh @@ -60,7 +60,13 @@ sleep 5 if ! ps -p $pid > /dev/null then echo "syslog-ng failed to start $pid is not running" - exit $(wait ${pid}) + /opt/syslog-ng/sbin/syslog-ng -s + if [ "${SC4S_DEBUG_CONTAINER}" == "yes" ] + then + exit $(wait ${pid}) + else + tail -f /dev/null + fi # Do something knowing the pid exists, i.e. the process with $PID is running fi From 9f225e8dded7a2495bbb6b070a2816d94802419e Mon Sep 17 00:00:00 2001 
From: mbonsack Date: Sat, 13 Jun 2020 17:32:14 -0700 Subject: [PATCH 2/3] Remove extra null entrypoint detail * Remove extra null entrypoint detail --- docs/troubleshooting.md | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 46cbc4f..81ffbda 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md 
@@ -89,22 +89,13 @@ and navigating the syslog-ng config filesystem directly. To do this, run /usr/bin/podman exec -it SC4S /bin/bash ``` and navigate to `/opt/syslog-ng/etc/` to see the actual config files in use. If you are adept with container operations and syslog-ng -itself, you can also modify files directly and reload syslog-ng with the command `kill -1 1` in the container. This is an advanced topic -and futher help can be obtained via the github issue tracker and Slack channels. +itself, you can modify files directly and reload syslog-ng with the command `kill -1 1` in the container. +You can also run the `/entrypoint.sh` script by hand (or a subset of it, such as everything +but syslog-ng) and have complete control over the templating and underlying syslog-ng process. +This is an advanced topic and futher help can be obtained via the github issue tracker and Slack channels. When debugging a configuration syntax issue at startup the container must remain running. This can be enabled by adding `SC4S_DEBUG_CONTAINER=yes` to the `env_file` -## Run the container with a null entrypoint (Advanced!) - -You can run the container without the usual entrypoint shell script by executing this command (modified to suit your environment): - -```bash -/usr/bin/podman run -p 514:514 -p 514:514/udp -p 5000-5020:5000-5020 -p 5000-5020:5000-5020/udp --entrypoint=tail --env-file=/opt/sc4s/env_file -v /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local:z --name SC4S --rm splunk/scs:latest -f /dev/null -``` -From there, you can "exec" into the container (above) and run the `/entrypoint.sh` script by hand (or a subset of it, such as everything -but syslog-ng) and have complete control over the templating and underlying syslog-ng process. Again, this is an advanced topic but can be -very useful for low-level troubleshooting. 
- ## Dealing with non RFC-5424 compliant sources If a data source you are trying to ingest via SC4S claims it is RFC-5424 compliant however you are getting a log message processing error this might be happening. From 61a0c9cd0b17c0566bceb2776778d3caf933b3cc Mon Sep 17 00:00:00 2001 From: mbonsack Date: Sat, 13 Jun 2020 17:33:20 -0700 Subject: [PATCH 3/3] Grammar * Grammar --- docs/troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 81ffbda..dafc3e6 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -94,7 +94,7 @@ You can also run the `/entrypoint.sh` script by hand (or a subset of it, such as but syslog-ng) and have complete control over the templating and underlying syslog-ng process. This is an advanced topic and futher help can be obtained via the github issue tracker and Slack channels. -When debugging a configuration syntax issue at startup the container must remain running. This can be enabled by adding `SC4S_DEBUG_CONTAINER=yes` to the `env_file` +When debugging a configuration syntax issue at startup the container must remain running. This can be enabled by adding `SC4S_DEBUG_CONTAINER=yes` to the `env_file`. ## Dealing with non RFC-5424 compliant sources
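Review bot: In PATCH 1/3, the `package/sbin/entrypoint.sh` hunk has the new test inverted: `if [ "${SC4S_DEBUG_CONTAINER}" == "yes" ]` takes the `exit $(wait ${pid})` branch, and every other value, including unset, falls through to `tail -f /dev/null`. That is the opposite of the commit subject and of the sentence added to `docs/troubleshooting.md`. It also makes the default a container that stays up with no syslog-ng process, so a restart policy or supervisor sees a running container while no syslog is being collected. Swap the two branches so that only `SC4S_DEBUG_CONTAINER=yes` holds the container open and the default path exits non-zero. Two smaller points on the same lines: `==` inside `[ ]` is a bash extension and `=` is the portable form; and `wait` writes nothing to stdout, so `$(wait ${pid})` expands to an empty string and `exit` is not handed syslog-ng's exit status.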
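Review bot: In PATCH 2/3, the added lines beginning "You can also run the `/entrypoint.sh` script by hand" keep the advice from the deleted null-entrypoint section but drop the step that made it workable. The removed text first started the container with `--entrypoint=tail`, whereas the `podman exec -it SC4S /bin/bash` shown just above attaches to a container whose entrypoint has already run. Say how the reader gets a container that stays up without syslog-ng running, for example by pointing at the `SC4S_DEBUG_CONTAINER` sentence that follows, so the instruction to run the script by hand has a starting state.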
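Review bot: In PATCH 3/3, the context line directly above the changed sentence still reads "futher help can be obtained via the github issue tracker"; since this commit is the grammar pass, correct "futher" to "further" and "github" to "GitHub" in the same hunk. The changed sentence would also read more clearly with a comma after "at startup" and with "This can be enabled" replaced by wording that names what is enabled, since "This" currently has no clear antecedent.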