[doc] clarify SC4S_DEST_SPLUNK_HEC_TLS_CA_FILE (#602)

* [doc] clarify SC4S_DEST_SPLUNK_HEC_TLS_CA_FILE * Clarification edit * Clarification edit * Clarify edit 2 * Clarify edit 2 * Clarify edit 3 * Clarify edit 3 * Clarify edit 4 * Clarify edit 4 Co-authored-by: mbonsack <mbonsack@splunk.com>
CSVD · Jul 31, 2020 · ff6bc26 · ff6bc26
1 parent 0d29de7
commit ff6bc26
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -24,7 +24,7 @@ syslog.
 | SC4S_DEST_SPLUNK_HEC_GLOBAL | yes | Send events to Splunk using HEC.  This applies _only_ to the primary HEC destination. |
 | SC4S_DEST_SPLUNK_HEC_CIPHER_SUITE | comma separated list | Open SSL cipher suite list |
 | SC4S_DEST_SPLUNK_HEC_SSL_VERSION |  comma separated list | Open SSL version list |
-| SC4S_DEST_SPLUNK_HEC_TLS_CA_FILE | path | Custom trusted cert file |
+| SC4S_DEST_SPLUNK_HEC_TLS_CA_FILE | _container_ path `/opt/syslog-ng/tls/server.pem` | Custom trusted cert file, specified as a full path in the _container_ filesystem: `/opt/syslog-ng/tls/<ca-file>`<br>Ensure that the container TLS directory `/opt/syslog-ng/tls` is available locally via container mount in the `docker-compose.yml` or systemd unit file, and that you place the CA file in the locally-mounted directory. |
 | SC4S_DEST_SPLUNK_HEC_TLS_VERIFY | yes(default) or no | verify HTTP(s) certificate |
 | SC4S_DEST_SPLUNK_HEC_WORKERS | numeric | Number of destination workers (default: 10 threads).  This should rarely need to be changed; consult sc4s community for advice on appropriate setting in extreme high- or low-volume environments. |
 | SC4S_DEST_SPLUNK_INDEXED_FIELDS | facility,<br>severity,<br>container,<br>loghost,<br>destport,<br>fromhostip,<br>proto<br><br>none | List of sc4s indexed fields that will be included with each event in Splunk (default is the entire list except "none").  Two other indexed fields, `sc4s_vendor_product` and `sc4s_syslog_format`, will also appear along with the fields selected via the list and cannot be turned on or off individually.  If no indexed fields are desired (including the two internal ones), set the value to the single value of "none".  When setting this variable, separate multiple entries with commas and do not include extra spaces.<br><br>This list maps to the following indexed fields that will appear in all Splunk events:<br>facility: sc4s_syslog_facility<br>severity: sc4s_syslog_severity<br>container: sc4s_container<br>loghost: sc4s_loghost<br>dport: sc4s_destport<br>fromhostip: sc4s_fromhostip<br>proto: sc4s_proto