diff --git a/package/etc/conf.d/destinations/splunk_hec_debug.conf b/package/etc/conf.d/destinations/splunk_hec_debug.conf
new file mode 100644
index 0000000..795757b
--- /dev/null
+++ b/package/etc/conf.d/destinations/splunk_hec_debug.conf
@@ -0,0 +1,13 @@
+destination d_hec_debug {
+ file("/opt/syslog-ng/var/archive/debug/${.splunk.sourcetype}/${HOST}/$YEAR-$MONTH-$DAY-message.log"
+ template("curl -k -u \"sc4s HEC debug:$(env SPLUNK_HEC_TOKEN)\" \"$(env SPLUNK_HEC_URL)\" -d '$(format-json
+ time=$S_UNIXTIME.$S_MSEC
+ host=${HOST}
+ source=${.splunk.source}
+ sourcetype=${.splunk.sourcetype}
+ index=${.splunk.index}
+ event=$MSG
+ fields.*)'\n")
+ create_dirs(yes)
+ );
+};
diff --git a/package/etc/conf.d/log_paths/lp-juniper_junos.conf.tmpl b/package/etc/conf.d/log_paths/lp-juniper_junos.conf.tmpl
index c5a2786..f2a7120 100644
--- a/package/etc/conf.d/log_paths/lp-juniper_junos.conf.tmpl
+++ b/package/etc/conf.d/log_paths/lp-juniper_junos.conf.tmpl
@@ -32,7 +32,7 @@ log {
 rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall"), index("netfw"))};
 parser {p_add_context_splunk(key("juniper_junos_fw")); };
 } elif (program('RT_IDS')) {
- rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp"), index("netids"))};
+ rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall"), index("netfw"))};
 parser {p_add_context_splunk(key("juniper_junos_ids")); };
 } elif (program('RT_UTM')) {
 rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall"), index("netids"))};
diff --git a/package/etc/conf.d/log_paths/lp-juniper_junos_structured.conf.tmpl b/package/etc/conf.d/log_paths/lp-juniper_junos_structured.conf.tmpl
index e42756a..7b743cb 100644
--- a/package/etc/conf.d/log_paths/lp-juniper_junos_structured.conf.tmpl
+++ b/package/etc/conf.d/log_paths/lp-juniper_junos_structured.conf.tmpl
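Review bot: The `template(...)` line writes the live HEC token into the archive file, because `$(env SPLUNK_HEC_TOKEN)` is expanded by syslog-ng when the line is written, so every file under `/opt/syslog-ng/var/archive/debug/` becomes a plaintext copy of the credential next to the event bodies it carries via `event=$MSG`. Leave the expansion to the shell at replay time by escaping the dollar signs, `-u \"sc4s HEC debug:$$SPLUNK_HEC_TOKEN\" \"$$SPLUNK_HEC_URL\"`, and consider adding `perm(0600)` to the `file()` destination so the archive is not readable by every local user under the default umask. `-k` turns off certificate verification for the replay, which means the token is offered to whatever answers at the URL; drop it unless the HEC endpoint is known to use a self-signed certificate. Note also that `format-json` escapes for JSON, not for the shell, so a message containing a single quote breaks out of the `-d '...'` argument and the replayed command becomes message-controlled text; that caveat belongs in a comment at the top of the destination so nobody pipes these files straight into `sh`.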
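Review bot: The new `RT_IDS` rewrite tags IDP events as `juniper:junos:firewall` in `netfw` while the context key on the following line stays `juniper_junos_ids`, so the two halves of the branch now disagree, and any search, field extraction or detection keyed on `juniper:junos:idp` silently stops seeing IDP events after this change. If this is deliberate, a one-line comment on the rewrite stating the reason, `# RT_IDS intentionally routed as juniper:junos:firewall/netfw rather than idp/netids`, would keep the next reader from reverting it; if it is not, the removed line looks like the correct one. The unchanged `RT_UTM` line below still sends `juniper:junos:firewall` to `netids`, which is inconsistent with the other branches here and with the structured variant, and is presumably worth fixing in the same pass. The enclosing `log {}` block starts and ends outside the hunk.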
@@ -31,7 +31,7 @@ log {
 rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall:structured"), index("netfw")) };
 parser {p_add_context_splunk(key("juniper_junos_fw_structured")); };
 } elif (program('RT_IDS')) {
- rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp:structured"), index("netids")) };
+ rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall:structured"), index("netfw")) };
 parser {p_add_context_splunk(key("juniper_junos_ids_structured")); };
 } elif (program('RT_UTM')) {
 rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall:structured"), index("netfw")) };
diff --git a/tests/test_common.py b/tests/test_common.py
index 012e294..4520212 100644
--- a/tests/test_common.py
+++ b/tests/test_common.py
@@ -259,4 +259,4 @@ def test_check_sc4s_version(record_property, setup_wordlist, setup_splunk, setup
 record_property("resultCount", resultCount)
- assert resultCount == 0
+ assert resultCount == 1
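Review bot: Routing structured `RT_IDS` events to `juniper:junos:firewall:structured` / `netfw` makes the `idp` sourcetype disappear from this log path while the context key on the next line still says `juniper_junos_ids_structured`, so consumers that distinguish IDP attack logs from session logs by sourcetype lose that signal without any error. If the firewall sourcetype is meant to carry both, say so on the rewrite line, `# RT_IDS intentionally shares the firewall:structured sourcetype and netfw index`, so the choice survives the next cleanup; otherwise restore the removed `juniper:junos:idp:structured` mapping. The enclosing `log {}` block starts and ends outside the hunk.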
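Review bot: Flipping the expected `resultCount` from 0 to 1 with no explanation leaves the next reader unable to tell whether exactly one hit is the contract or merely what the current build happens to emit; the search that produces `resultCount`, and the rest of `test_check_sc4s_version`, sit above the hunk. A short comment on the assertion, `# exactly one sc4s version event is expected for this container start`, or `assert resultCount >= 1` if the count can legitimately grow across restarts in a shared test instance, would make the intent explicit. Presumably the old assertion was checking for the absence of the version event and the new one checks for its presence; if so they test different things and the test docstring should say which.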