From 4d3a9a65c63ab2a57997397990b664caf97d5cb6 Mon Sep 17 00:00:00 2001 From: rfaircloth-splunk Date: Fri, 29 May 2020 16:19:25 -0400 Subject: [PATCH] Fixes #502 --- docs/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration.md b/docs/configuration.md index c498ea9..473b04f 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -260,7 +260,7 @@ logging. Note that drop metrics will be recorded. ## Fixing (overriding) the host field In some cases the host value is not present or an IP address in the syslog even analysts and users prefer host names. SC4S -will first check `host.csv` and replace the value of `host` with the value specified. If a value is not found in `dns.csv` +will first check `host.csv` and replace the value of `host` with the value specified. If a value is not found in `host.csv` reverse dns lookup will be attempted. IP will only be used as the host value as a last result. ## Splunk Connect for Syslog output templates (syslog-ng templates)