diff --git a/docs/gettingstarted/docker-swarm-general.md b/docs/gettingstarted/docker-swarm-general.md index cbc5558..a1c0f72 100644 --- a/docs/gettingstarted/docker-swarm-general.md +++ b/docs/gettingstarted/docker-swarm-general.md @@ -114,7 +114,7 @@ For collection of such sources we provide a means of dedicating a unique listeni Refer to the "Sources" documentation to identify the specific variable used to enable a specific port for the technology in use. -In the following example ``-p 5000-5020:5000-5020`` allows for up to 21 technology-specific ports. Modify the individual ports or a +In the following example the target port ranges allow for up to 21 technology-specific ports. Modify individual ports or a range as appropriate for your network. * Modify the unit file ``/opt/sc4s/docker-compose.yml`` @@ -134,22 +134,20 @@ services: protocol: udp #Comment the following line out if using docker-compose mode: host - - target: 5000-5021 - published: 5000-5021 + - target: 5000-5020 + published: 5000-5020 protocol: tcp #Comment the following line out if using docker-compose mode: host - - target: 5000-5021 - published: 5000-5021 + - target: 5000-5020 + published: 5000-5020 protocol: udp #Comment the following line out if using docker-compose mode: host env_file: - /opt/sc4s/env_file volumes: - - /opt/sc4s/default/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv - - /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv - - /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf + - /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local #Uncomment the following line if custom TLS certs are provided - /opt/sc4s/tls:/opt/syslog-ng/tls ``` diff --git a/docs/gettingstarted/docker-swarm-rhel7.md b/docs/gettingstarted/docker-swarm-rhel7.md index 87106c8..c06849b 100644 --- a/docs/gettingstarted/docker-swarm-rhel7.md 
+++ b/docs/gettingstarted/docker-swarm-rhel7.md @@ -144,7 +144,7 @@ For collection of such sources we provide a means of dedicating a unique listeni Refer to the "Sources" documentation to identify the specific variable used to enable a specific port for the technology in use. -In the following example ``-p 5000-5020:5000-5020`` allows for up to 21 technology-specific ports. Modify the individual ports or a +In the following example the target port ranges allow for up to 21 technology-specific ports. Modify individual ports or a range as appropriate for your network. * Modify the unit file ``/opt/sc4s/docker-compose.yml`` @@ -164,22 +164,20 @@ services: protocol: udp #Comment the following line out if using docker-compose mode: host - - target: 5000-5021 - published: 5000-5021 + - target: 5000-5020 + published: 5000-5020 protocol: tcp #Comment the following line out if using docker-compose mode: host - - target: 5000-5021 - published: 5000-5021 + - target: 5000-5020 + published: 5000-5020 protocol: udp #Comment the following line out if using docker-compose mode: host env_file: - /opt/sc4s/env_file volumes: - - /opt/sc4s/default/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv - - /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv - - /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf + - /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local #Uncomment the following line if custom TLS certs are provided - /opt/sc4s/tls:/opt/syslog-ng/tls ``` diff --git a/docs/gettingstarted/docker-systemd-general.md b/docs/gettingstarted/docker-systemd-general.md index a7931ed..32eb897 100644 --- a/docs/gettingstarted/docker-systemd-general.md +++ b/docs/gettingstarted/docker-systemd-general.md 
@@ -117,7 +117,7 @@ For collection of such sources we provide a means of dedicating a unique listeni Refer to the "Sources" documentation to identify the specific variable used to enable a specific port for the technology in use. -In the following example ``-p 5000-5020:5000-5020`` allows for up to 21 technology-specific ports. Modify the individual ports or a +In the following example ``-p 5000-5020:5000-5020`` allows for up to 21 technology-specific ports. Modify individual ports or a range as appropriate for your network. * Modify the unit file ``/lib/systemd/system/sc4s.service`` 
@@ -130,25 +130,24 @@ Requires=network.service [Service] Environment="SC4S_IMAGE=splunk/scs:latest" -#Note Uncomment this line to use custom index names AND download the splunk_index.csv file template per getting started -Environment="SC4S_UNIT_SPLUNK_INDEX=-v /opt/sc4s/default/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv" -#Note Uncomment the following two linese for host and ip based source type mapping AND download the two file templates per getting started -#Environment="SC4S_UNIT_VP_CSV=-v /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv" -#Environment="SC4S_UNIT_VP_CONF=-v /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf" -#Uncomment the following line if custom TLS certs are provided -#Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls" +# Optional mount point for local overrides and configurations; see notes in docs + +Environment="SC4S_LOCAL_CONFIG_MOUNT=-v /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local" + +# Uncomment the following line if custom TLS certs are provided +# Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls" TimeoutStartSec=0 Restart=always ExecStartPre=/usr/bin/docker pull $SC4S_IMAGE ExecStartPre=/usr/bin/docker run \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ + "$SC4S_LOCAL_CONFIG_MOUNT" \ --name SC4S_preflight --rm \ $SC4S_IMAGE -s -ExecStart=/usr/bin/docker run -p 514:514 -p 5000-5020:5000-5020 \ +ExecStart=/usr/bin/docker run -p 514:514 -p 514:514/udp -p 5000-5020:5000-5020 -p 5000-5020:5000-5020/udp \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ + "$SC4S_LOCAL_CONFIG_MOUNT" \ --name SC4S \ --rm \ $SC4S_IMAGE 
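Review bot: `$SC4S_TLS_DIR` is no longer passed to either `docker run` command in this unit, yet the new comment still tells operators to uncomment `Environment="SC4S_TLS_DIR=..."` when they provide custom TLS certs, so uncommenting it would mount nothing. Keep the variable on both argument lines, i.e. `"$SC4S_LOCAL_CONFIG_MOUNT" "$SC4S_TLS_DIR" \` in `ExecStartPre` and in `ExecStart`. Without it the container would presumably run with whatever certificate material the image carries, or none, while the operator believes the custom certs are in use. The second hunk of docs/gettingstarted/podman-systemd-general.md has the same omission.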
diff --git a/docs/gettingstarted/podman-systemd-general.md b/docs/gettingstarted/podman-systemd-general.md index 2ce8a2b..394762d 100644 --- a/docs/gettingstarted/podman-systemd-general.md +++ b/docs/gettingstarted/podman-systemd-general.md @@ -117,7 +117,7 @@ For collection of such sources we provide a means of dedicating a unique listeni Refer to the "Sources" documentation to identify the specific variable used to enable a specific port for the technology in use. -In the following example ``-p 5000-5020:5000-5020`` allows for up to 21 technology-specific ports. Modify the individual ports or a +In the following example ``-p 5000-5020:5000-5020`` allows for up to 21 technology-specific ports. Modify individual ports or a range as appropriate for your network. * Modify the unit file ``/lib/systemd/system/sc4s.service`` 
@@ -130,25 +130,24 @@ Requires=network.service [Service] Environment="SC4S_IMAGE=splunk/scs:latest" -#Note Uncomment this line to use custom index names AND download the splunk_index.csv file template per getting started -Environment="SC4S_UNIT_SPLUNK_INDEX=-v /opt/sc4s/default/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv" -#Note Uncomment the following two linese for host and ip based source type mapping AND download the two file templates per getting started -#Environment="SC4S_UNIT_VP_CSV=-v /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv" -#Environment="SC4S_UNIT_VP_CONF=-v /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf" -#Uncomment the following line if custom TLS certs are provided -#Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls" +# Optional mount point for local overrides and configurations; see notes in docs + +Environment="SC4S_LOCAL_CONFIG_MOUNT=-v /opt/sc4s/local:/opt/syslog-ng/etc/conf.d/local" + +# Uncomment the following line if custom TLS certs are provided +# Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls" TimeoutStartSec=0 Restart=always ExecStartPre=/usr/bin/podman pull $SC4S_IMAGE ExecStartPre=/usr/bin/podman run \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ + "$SC4S_LOCAL_CONFIG_MOUNT" \ --name SC4S_preflight --rm \ $SC4S_IMAGE -s -ExecStart=/usr/bin/podman run -p 514:514 -p 5000-5020:5000-5020 \ +ExecStart=/usr/bin/podman run -p 514:514 -p 514:514/udp -p 5000-5020:5000-5020 -p 5000-5020:5000-5020/udp \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ + "$SC4S_LOCAL_CONFIG_MOUNT" \ --name SC4S \ --rm \ $SC4S_IMAGE
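Review bot: The `SC4S_LOCAL_CONFIG_MOUNT` line is active rather than commented out, although the comment above it calls the mount optional. Podman refuses to start a container whose bind-mount source does not exist, whereas docker creates the directory. If an earlier step of this guide does not create `/opt/sc4s/local` (not visible in this hunk), both `ExecStartPre` and `ExecStart` would fail on a fresh host. I would make the requirement explicit in the unit comment, for example `# Mount point for local overrides; /opt/sc4s/local must exist before the service starts`.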