[FEATURE ]Update syslog-ng to version 3.28.1 (#579)

* Update image to 3.28 * Update entrypoint.sh * Update docs to syslog-ng v 3.28.1 * Update docs to reflect syslog-ng version 3.28.1 Co-authored-by: Mark Bonsack <mbonsack@splunk.com>
CSVD · Jul 24, 2020 · 915da37 · 915da37
1 parent 9d16c6b
commit 915da37
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 26 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -90,7 +90,7 @@ jobs:
     docker:
       - image: circleci/python:3.7
     environment:
-      SYSLOG: "syslog-ng-3.27.1"
+      SYSLOG: "syslog-ng-3.28.1"
       SPLUNK_VERSION: "8.0.2"
     <<: *test
   test-sc4s-next-splunk-8-0:
@@ -104,14 +104,14 @@ jobs:
     docker:
       - image: circleci/python:3.7
     environment:
-      SYSLOG: "syslog-ng-3.27.1"
+      SYSLOG: "syslog-ng-3.28.1"
       SPLUNK_VERSION: "7.3.4"
     <<: *test
   test-sc4s-current-splunk-7-2:
     docker:
       - image: circleci/python:3.7
     environment:
-      SYSLOG: "syslog-ng-3.27.1"
+      SYSLOG: "syslog-ng-3.28.1"
       SPLUNK_VERSION: "7.2.9"
     <<: *test
 
@@ -195,7 +195,7 @@ jobs:
     docker:
       - image: circleci/python:3.7
     environment:
-      SYSLOG: "syslog-ng-3.27.1"
+      SYSLOG: "syslog-ng-3.28.1"
     steps:
       - setup_remote_docker:
           docker_layer_caching: true

diff --git a/docs/gettingstarted/docker-swarm-general.md b/docs/gettingstarted/docker-swarm-general.md
@@ -225,7 +225,7 @@ index=* sourcetype=sc4s:events "starting up"
 ```
 This should yield the following event:
 ```ini
-syslog-ng starting up; version='3.26.1'
+syslog-ng starting up; version='3.28.1'
 ``` 
 when the startup process proceeds normally (without syntax errors). If you do not see this,
 follow the steps below before proceeding to deeper-level troubleshooting:
@@ -236,16 +236,15 @@ follow the steps below before proceeding to deeper-level troubleshooting:
 
 * Ensure the proper operation of the load balancer if used.
 
-* Lastly, execute the following command to check the internal logs of the syslog-ng process running in the container.  Depending on the
-traffic load, there may be quite a bit of output in the syslog-ng logs.
+* Lastly, execute the following command to check the sc4s startup process running in the container.
 ```bash
 docker logs SC4S
 ```
 You should see events similar to those below in the output:
 ```ini
-Oct  1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.26.1'
-Oct  1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection accepted; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
-Oct  1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection closed; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
+syslog-ng checking config
+sc4s version=v1.24.0
+syslog-ng starting
 ```
 If you see http server errors such as 4xx or 5xx responses from the http (HEC) endpoint, one or more of the items above are likely set
 incorrectly.  If validating/fixing the configuration fails to correct the problem, proceed to the "Troubleshooting" section for more

diff --git a/docs/gettingstarted/docker-swarm-rhel7.md b/docs/gettingstarted/docker-swarm-rhel7.md
@@ -233,7 +233,7 @@ index=* sourcetype=sc4s:events "starting up"
 ```
 This should yield the following event:
 ```ini
-syslog-ng starting up; version='3.26.1'
+syslog-ng starting up; version='3.28.1'
 ``` 
 when the startup process proceeds normally (without syntax errors). If you do not see this,
 follow the steps below before proceeding to deeper-level troubleshooting:
@@ -244,16 +244,15 @@ follow the steps below before proceeding to deeper-level troubleshooting:
 
 * Ensure the proper operation of the load balancer if used.
 
-* Lastly, execute the following command to check the internal logs of the syslog-ng process running in the container.  Depending on the
-traffic load, there may be quite a bit of output in the syslog-ng logs.
+* Lastly, execute the following command to check the sc4s startup process running in the container.
 ```bash
 docker logs SC4S
 ```
 You should see events similar to those below in the output:
 ```ini
-Oct  1 03:13:35 77cd4776af41 syslog-ng[1]: syslog-ng starting up; version='3.26.1'
-Oct  1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection accepted; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
-Oct  1 05:29:55 77cd4776af41 syslog-ng[1]: Syslog connection closed; fd='49', client='AF_INET(10.0.1.18:55010)', local='AF_INET(0.0.0.0:514)'
+syslog-ng checking config
+sc4s version=v1.24.0
+syslog-ng starting
 ```
 If you see http server errors such as 4xx or 5xx responses from the http (HEC) endpoint, one or more of the items above are likely set
 incorrectly.  If validating/fixing the configuration fails to correct the problem, proceed to the "Troubleshooting" section for more

diff --git a/docs/gettingstarted/docker-systemd-general.md b/docs/gettingstarted/docker-systemd-general.md
@@ -222,7 +222,7 @@ index=* sourcetype=sc4s:events "starting up"
 ```
 This should yield the following event:
 ```ini
-syslog-ng starting up; version='3.26.1'
+syslog-ng starting up; version='3.28.1'
 ``` 
 when the startup process proceeds normally (without syntax errors). If you do not see this,
 follow the steps below before proceeding to deeper-level troubleshooting:
@@ -233,15 +233,14 @@ follow the steps below before proceeding to deeper-level troubleshooting:
 
 * Ensure the proper operation of the load balancer if used.
 
-* Lastly, execute the following command to check the internal logs of the syslog-ng process running in the container.  Depending on the
-traffic load, there may be quite a bit of output in the syslog-ng logs.
+* Lastly, execute the following command to check the sc4s startup process running in the container.
 ```bash
 docker logs SC4S
 ```
 You should see events similar to those below in the output:
 ```ini
 syslog-ng checking config
-sc4s version=v1.23.0
+sc4s version=v1.24.0
 syslog-ng starting
 ```
 If you do not see the output above, proceed to the "Troubleshooting" section for more detailed information.

diff --git a/docs/gettingstarted/podman-systemd-general.md b/docs/gettingstarted/podman-systemd-general.md
@@ -241,7 +241,7 @@ index=* sourcetype=sc4s:events "starting up"
 ```
 This should yield the following event:
 ```ini
-syslog-ng starting up; version='3.26.1'
+syslog-ng starting up; version='3.28.1'
 ``` 
 when the startup process proceeds normally (without syntax errors). If you do not see this,
 follow the steps below before proceeding to deeper-level troubleshooting:
@@ -252,15 +252,14 @@ follow the steps below before proceeding to deeper-level troubleshooting:
 
 * Ensure the proper operation of the load balancer if used.
 
-* Lastly, execute the following command to check the internal logs of the syslog-ng process running in the container.  Depending on the
-traffic load, there may be quite a bit of output in the syslog-ng logs.
+* Lastly, execute the following command to check the sc4s startup process running in the container.
 ```bash
 podman logs SC4S
 ```
 You should see events similar to those below in the output:
 ```ini
 syslog-ng checking config
-sc4s version=v1.23.0
+sc4s version=v1.24.0
 syslog-ng starting
 ```
 If you do not see the output above, proceed to the "Troubleshooting" section for more detailed information.

diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
@@ -75,7 +75,7 @@ don't expect, check to see that the index is created in Splunk, or that a `lastC
 cause for almost _all_ `400` errors.
 * If you continue to the individual log entries in these directories, you will see entries of the form
 ```bash
-curl -k -u "sc4s HEC debug:a778f63a-5dff-4e3c-a72c-a03183659e94" "https://splunk.smg.aws:8088/services/collector/event" -d '{"time":"1584556114.271","sourcetype":"sc4s:events","source":"SC4S:s_internal","index":"main","host":"e3563b0ea5d8","fields":{"sc4s_syslog_severity":"notice","sc4s_syslog_facility":"syslog","sc4s_loghost":"e3563b0ea5d8","sc4s_fromhostip":"127.0.0.1"},"event":"syslog-ng starting up; version='3.26.1'"}'
+curl -k -u "sc4s HEC debug:a778f63a-5dff-4e3c-a72c-a03183659e94" "https://splunk.smg.aws:8088/services/collector/event" -d '{"time":"1584556114.271","sourcetype":"sc4s:events","source":"SC4S:s_internal","index":"main","host":"e3563b0ea5d8","fields":{"sc4s_syslog_severity":"notice","sc4s_syslog_facility":"syslog","sc4s_loghost":"e3563b0ea5d8","sc4s_fromhostip":"127.0.0.1"},"event":"syslog-ng starting up; version='3.28.1'"}'
 ```
 * These commands, with minimal modifications (e.g. multiple URLs specified or elements that needs shell escapes) can be run directly on the
 command line to determine what, exactly, the HEC endpoint is returning.  This can be used to refine th index or other parameter to correct the

diff --git a/package/etc/syslog-ng.conf.tmpl b/package/etc/syslog-ng.conf.tmpl
@@ -1,4 +1,4 @@
-@version:3.27
+@version:3.28
 
 # syslog-ng configuration file.
 

diff --git a/package/sbin/entrypoint.sh b/package/sbin/entrypoint.sh
@@ -105,6 +105,9 @@ echo sc4s version=$(cat /VERSION)
 echo sc4s version=$(cat /VERSION) >/opt/syslog-ng/var/log/syslog-ng.out
 /opt/syslog-ng/sbin/syslog-ng -s >>/opt/syslog-ng/var/log/syslog-ng.out 2>/opt/syslog-ng/var/log/syslog-ng.err
 
+echo starting goss
+goss serve --format json &
+
 echo syslog-ng starting
 /opt/syslog-ng/bin/persist-tool add /opt/syslog-ng/etc/reset_persist -o /opt/syslog-ng/var