From 5d8cedb9ac3503eef5db1a4d7c8254926988692e Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk
Date: Tue, 7 Apr 2020 20:21:24 -0400
Subject: [PATCH 1/3] Fix glob for checkpoint

---
 package/etc/conf.d/filters/checkpoint/splunk.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/etc/conf.d/filters/checkpoint/splunk.conf b/package/etc/conf.d/filters/checkpoint/splunk.conf
index df1919b..cd2b8c4 100644
--- a/package/etc/conf.d/filters/checkpoint/splunk.conf
+++ b/package/etc/conf.d/filters/checkpoint/splunk.conf
@@ -1,8 +1,8 @@
 filter f_checkpoint_splunk {
 match('\|(?:origin_sic_name|originsicname)\=[cC][nN]|\|product\=SmartConsole\|' value("MSG") type("pcre")) or
 match('\|(?:origin_sic_name|originsicname)\=[cC][nN]|\|product\=SmartConsole\|' value("LEGACY_MSGHDR") type("pcre")) or
- match('|product\=Syslog\|ifdir=inbound\|loguid\=' value("MSG") type("pcre")) or
- match('|product\=Syslog\|ifdir=inbound\|loguid\=' value("LEGACY_MSGHDR") type("pcre"));
+ match('*|product=Syslog|ifdir=inbound|loguid=*' value("MSG") type("glob")) or
+ match('*|product=Syslog|ifdir=inbound|loguid=*' value("LEGACY_MSGHDR") type("glob"));
 };
 filter f_checkpoint_splunk_alerts {

From af13c5351e88787df9c94b28d453df6d34b7c26e Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk
Date: Tue, 7 Apr 2020 20:41:11 -0400
Subject: [PATCH 2/3] Resolve double -F

---
 package/sbin/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/sbin/entrypoint.sh b/package/sbin/entrypoint.sh
index c3bfa26..5381f3d 100755
--- a/package/sbin/entrypoint.sh
+++ b/package/sbin/entrypoint.sh
@@ -54,7 +54,7 @@ echo sc4s version=$(cat /VERSION) >/opt/syslog-ng/var/log/syslog-ng.out
 echo syslog-ng starting
 /opt/syslog-ng/bin/persist-tool add /opt/syslog-ng/etc/reset_persist -o /opt/syslog-ng/var
-/opt/syslog-ng/sbin/syslog-ng -F $@ &
+/opt/syslog-ng/sbin/syslog-ng $@ &
 pid="$!"
 # wait forever
 while true
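Review bot: In package/etc/conf.d/filters/checkpoint/splunk.conf the two added `type("glob")` lines sit directly under `type("pcre")` lines in f_checkpoint_splunk with nothing saying why the matcher differs, and `|` changes meaning between them: a literal field separator in the glob, alternation in the regex unless escaped. A pattern copied from one form to the other can end up with an empty alternative, which matches every message and would tag unrelated logs as Check Point. I would add a comment above the new lines, `# glob on purpose: '|' is a literal separator here; in the pcre lines above it must be written \|`. The glob also requires product, ifdir and loguid to be adjacent and in exactly this order, which is worth confirming against a sample event if the field order can vary.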
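Review bot: The new start line in package/sbin/entrypoint.sh still expands `$@` unquoted, so any argument containing whitespace or a glob character is re-split or pathname-expanded by the shell before syslog-ng sees it; `/opt/syslog-ng/sbin/syslog-ng "$@" &` passes the arguments through exactly as the caller gave them. With `-F` no longer hard-coded, staying in the foreground depends on the caller supplying it; if it is ever omitted, syslog-ng would presumably daemonize and `pid="$!"` would name a process that has already exited, so a short comment on this line stating that `-F` is expected in the arguments would help. The `while true` loop that follows continues past the end of the hunk.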
From c836d0685759a22fd25acb5c1b09f645df7bc797 Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk
Date: Tue, 7 Apr 2020 20:48:39 -0400
Subject: [PATCH 3/3] Update source_network.t

---
 package/etc/go_templates/source_network.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/etc/go_templates/source_network.t b/package/etc/go_templates/source_network.t
index 6d7a6d3..63ec329 100644
--- a/package/etc/go_templates/source_network.t
+++ b/package/etc/go_templates/source_network.t
@@ -24,7 +24,7 @@ source s_{{ .port_id }} {
 source {
 {{- if or (getenv (print "SC4S_LISTEN_" .port_id "_UDP_PORT")) (eq .port_id "DEFAULT") }}
 {{- $port_id := .port_id }}
-{{- range (math.Seq (getenv "SC4S_SOURCE_LISTEN_UDP_SOCKETS" "5"))}}
+{{- range (math.Seq (getenv "SC4S_SOURCE_LISTEN_UDP_SOCKETS" "1"))}}
 {{- $context := dict "instance" . "port_id" $port_id }}
 {{- template "UDP" $context }}
 {{- end}}
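Review bot: The new default of one UDP listener on the `range (math.Seq …)` line is not explained in the template or in the commit message. For a log collector this value presumably decides how much inbound UDP syslog can be absorbed before datagrams are dropped, since each Seq element appears to render one instance of the "UDP" template. A template comment above the range would record the intent, for example `{{- /* one UDP socket by default; raise SC4S_SOURCE_LISTEN_UDP_SOCKETS for high-volume senders */}}`. The environment value also reaches math.Seq unvalidated, so a non-numeric or zero setting would likely fail at render time or produce an unexpected instance list rather than fall back to the default. The surrounding source block opens before the hunk and closes after it.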