This repository has been archived by the owner on May 6, 2024. It is now read-only.

Merge pull request #107 from balabit/develop
Merging syslog-ng OSE 3.38 documentation changes to master for release
JanosBarta-OI authored May 25, 2023
2 parents 7137066 + c1c7b12 commit 2f4a52e
Showing 22 changed files with 130 additions and 145 deletions.
44 changes: 44 additions & 0 deletions Content/Guides/shared/documentation-license.htm
@@ -0,0 +1,44 @@
<?xml version="1.0" encoding="utf-8"?>
<html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd">
<head>
</head>
<body name="documentation-license">
<h1 name="documentation-license">The <MadCap:variable name="General.OSELong" /> Documentation License</h1>
<MadCap:snippetBlock src="../../Resources/Snippets/Common/Legal/CopyrightTitle.flsnp" />
<p>Permission is hereby granted, free of charge, to any person obtaining a copy of these documentation files (the "Documentation"), to use the Documentation subject to the following conditions:</p>
<ol>
<li>
<p>The above copyright notice and this permission notice shall be included in all copies or portions of the Documentation. Any and all copies of the above copyright and this permission notice contained in the Documentation shall not be removed, obscured, or modified.</p>
</li>
<li>
<p>If you modify the Documentation, You must cause any modified files to carry prominent notices stating that You changed the files.</p>
</li>
<li>
<p>The Documentation contains trademarks and registered trademarks owned by One Identity and its affiliates. Permission is granted to make and distribute verbatim copies of the Documentation from the official syslog-ng.com site. Modified versions of the Documentation containing One Identity trademarks are permitted exclusively for internal use; however, all external distributions of modified Documentation are prohibited from containing any One Identity trademarks which include syslog-ng, the syslog-ng logo, Balabit, the Balabit logo, One Identity and the One Identity logo.</p>
</li>
<li>
<p>No relationship is established as a result of this Documentation license. Any statements that suggest a partnership or other relationship with One Identity and its affiliates are prohibited.</p>
</li>
</ol>
<p>THE DOCUMENTATION IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE DOCUMENTATION OR THE USE OR OTHER DEALINGS IN THE DOCUMENTATION.</p>
<p><b>YOU ACKNOWLEDGE THAT THE DOCUMENTATION YOU ARE DOWNLOADING IS SUBJECT TO THE RESTRICTIONS AND CONTROLS IMPOSED BY UNITED STATES EXPORT REGULATIONS.</b>
</p>
<p><b>YOU CERTIFY THAT:</b>
</p>
<ul>
<li>
<p><b>YOU DO NOT INTEND TO USE THE DOCUMENTATION FOR ANY PURPOSE PROHIBITED BY UNITED STATES EXPORT REGULATIONS, INCLUDING, WITHOUT LIMITATION, TERRORISM, CYBER-ATTACKS, CYBER-CRIMES, MONEY-LAUNDERING, INDUSTRIAL ESPIONAGE, OR NUCLEAR, CHEMICAL OR BIOLOGICAL WEAPONS PROLIFERATION.</b>
</p>
</li>
<li>
<p><b>YOU ARE NOT LISTED AS A DENIED PARTY ON ANY LIST GOVERNING UNITED STATES EXPORTS.</b>
</p>
</li>
<li>
<p><b>YOU ARE NOT A NATIONAL OF ANY COUNTRY THAT IS NOT APPROVED TO RECEIVE A U.S. EXPORT. AS OF 2023, THESE COUNTRIES ARE CUBA, IRAN, NORTH KOREA, SYRIA, BELARUS AND RUSSIA.</b>
</p>
</li>
</ul>
<p>If any of the above applicable conditions are not met or if your certification is inaccurate, this restricted copyright license is immediately terminated.</p>
</body>
</html>
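Review bot: the `<head>` of the new documentation-license.htm is empty, while the other pages touched in this commit (compiling-syslog-ng.htm, parser-netskope.htm) carry at least a `<meta name="description">`; add one so the page is indexed like the rest of the guide. The export-control bullet is pinned with "AS OF 2023, THESE COUNTRIES ARE ...", which will silently go stale at the next release; either move the year and list into a MadCap variable that is reviewed per release or add a review reminder, since an outdated denied-country list on a license page is worse than none.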
2 changes: 1 addition & 1 deletion Content/Guides/syslog-ng-guide-admin/chapter-install.htm
Expand Up @@ -10,7 +10,7 @@ <h1 name="chapter-install">Installing syslog-ng</h1>
<p>This chapter explains how to install <MadCap:variable name="General.product"></MadCap:variable> on various platforms.</p>
<ul>
<li MadCap:conditions="General.OSE">
<p>You can install <MadCap:variable name="General.abbrev" /> on many platforms using the package manager and official repositories of the platform. For a list of third-party packages available for various Linux, UNIX, and other platforms, see the <a href="[%=General.downloads-link%]">[%=General.downloads-text%]</a>.</p>
<p>You can install <MadCap:variable name="General.abbrev" /> on many platforms using the package manager and official repositories of the platform. For a list of third-party packages available for various Linux, UNIX, and other platforms, see <a href="https://www.syslog-ng.com/products/open-source-log-management/3rd-party-binaries.aspx">syslog-ng Open Source Edition installation packages</a>.</p>
</li>
<li MadCap:conditions="General.OSE">
<p>For instructions on compiling syslog-ng Open Source Edition from the source code, see <MadCap:xref href="compiling-syslog-ng.htm"><span style="color: #04aada;" class="mcFormatColor">Compiling syslog-ng from source</span></MadCap:xref>.</p>
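Review bot: replacing `[%=General.downloads-link%]` / `[%=General.downloads-text%]` with a literal URL and link text removes the single point of update the variable provided; the same literal now also appears in compiling-syslog-ng.htm in this commit, so a future change of the download page has to be found and edited in every copy. If the variable is being retired, say so in the commit message; otherwise keep the variable and fix its value in the project settings instead.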
2 changes: 1 addition & 1 deletion Content/Guides/syslog-ng-guide-admin/cisco-parser.htm
Expand Up @@ -21,7 +21,7 @@ <h1 name="cisco-parser">Cisco parser</h1>
&lt;189&gt;32: 0.0.0.0: *Apr 29 13:59:12.491: %SYS-5-CONFIG_I: Configured from console by console
&lt;189&gt;32: foo: *Apr 29 13:58:46.411: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure.</pre>
<div class="Note">
<p class="Hyphenation"><span class="AllNoteStyles">NOTE:</span> Note that not every Cisco log message conforms to this format. If you find a message that the <span class="Code">cisco-parser()</span> cannot properly parse, <a href="[%=General.contact-support-link%]">[%=General.contact-support-text%]</a> so we can improve the parser.</p>
<p class="Hyphenation"><span class="AllNoteStyles">NOTE:</span> Not every Cisco log message conforms to this format. If you find a message that the <span class="Code">cisco-parser()</span> cannot properly parse, <a href="https://www.syslog-ng.com/support/">contact Support</a>, so we can improve the parser.</p>
</div>
<p>The <MadCap:variable name="General.abbrev"></MadCap:variable> application normalizes the parsed log messages into the following format:</p><pre>${MESSAGE}=%FAC-SEV-MNEMONIC: message
${HOST}=origin-id</pre>
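Review bot: the new comma in "contact Support, so we can improve the parser" turns the purpose clause into a result clause; drop it and write "contact Support so we can improve the parser". The same wording is repeated in the Check Point, Fortigate, Netskope and Websense parser pages in this commit, so fix all five together. Removing the redundant "Note that" after the NOTE: label is a good cleanup.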
3 changes: 2 additions & 1 deletion Content/Guides/syslog-ng-guide-admin/compiling-syslog-ng.htm
@@ -1,6 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd" MadCap:conditions="General.OSE">
<head>
<link href="../../Resources/TableStyles/NoteTable_Yellow_DoNotEdit.css" rel="stylesheet" MadCap:stylesheetType="table" />
<meta name="description" content="" />
</head>
<body name="compiling-syslog-ng">
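Review bot: `<meta name="description" content="" />` is added with an empty content attribute; an empty description gives search and help indexing nothing to show and is flagged by most HTML linters. Either fill in a one-line description of the page (compiling syslog-ng OSE from source) or leave the element out. The new NoteTable_Yellow stylesheet link should only stay if the page actually contains a table in that style; nothing in the visible lines of this file uses one.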
Expand All @@ -11,7 +12,7 @@ <h1 name="compiling-syslog-ng">Compiling syslog-ng from source</h1>
</MadCap:keyword>
<div>
<h6>Purpose:</h6>
<p>To compile syslog-ng Open Source Edition (OSE) from the source code, complete the following steps. Alternatively, you can use precompiled binary packages on several platforms. For a list of third-party packages available for various Linux, UNIX, and other platforms, see the <a href="[%=General.downloads-link%]">[%=General.downloads-text%]</a>.</p>
<p>To compile syslog-ng Open Source Edition (OSE) from the source code, complete the following steps. Alternatively, you can use precompiled binary packages on several platforms. For a list of third-party packages available for various Linux, UNIX, and other platforms, see <a href="https://www.syslog-ng.com/products/open-source-log-management/3rd-party-binaries.aspx">syslog-ng Open Source Edition installation packages</a>.</p>
</div>
<div>
<h6>Steps:</h6>
Expand Up @@ -11,5 +11,6 @@ <h1 name="concepts-licensing"><a name="concepts-licensing"></a>Product licensing
Practically, the code stored under the <span class="Code">lib</span> directory of the source code package is under LGPL, the rest is GPL.</p>
</div>
<p>For details about the LGPL and GPL licenses, see <MadCap:xref href="../shared/lgpl-2.1.htm"><span style="color: #04aada;" class="mcFormatColor">GNU Lesser General Public License</span></MadCap:xref> and <MadCap:xref href="../shared/gpl.htm"><span style="color: #04aada;" class="mcFormatColor">GNU General Public License</span></MadCap:xref>, respectively.</p>
<p>For clarity, the Documentation is licensed separately. For details, see <MadCap:xref href="../shared/documentation-license.htm"><span style="color: #04aada;" class="mcFormatColor">The <MadCap:variable name="General.OSELong" /> Documentation License</span></MadCap:xref>.</p>
</body>
</html>
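Review bot: the added sentence opens with "For clarity," which is filler and can be dropped: "The Documentation is licensed separately. For details, see ...". It would also help to say in one clause that the Documentation license is not the LGPL/GPL described in the preceding paragraph, since a reader of this page may otherwise assume the code terms apply to the documentation as well.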
2 changes: 1 addition & 1 deletion Content/Guides/syslog-ng-guide-admin/parser-checkpoint.htm
Expand Up @@ -17,7 +17,7 @@ <h1 name="parser-checkpoint">Check Point Log Exporter parser</h1>
<p>The Check Point Log Exporter parser can parse Check Point log messages. These messages do not completely comply with the syslog RFCs, making them difficult to parse. The <span class="Code">checkpoint-parser()</span> of <MadCap:variable name="General.abbrev" /> solves this problem, and can separate these log messages to name-value pairs. For details on using value-pairs in <MadCap:variable name="General.abbrev" /> see <MadCap:xref href="concepts-value-pairs.htm"><span style="color: #04aada;" class="mcFormatColor">Structuring macros, metadata, and other value-pairs</span></MadCap:xref>. The parser can parse messages in the following formats:</p><pre>&lt;PRI&gt;&lt;VERSION&gt; &lt;YYYY-MM-DD&gt; &lt;HH-MM-SS&gt; &lt;PROGRAM&gt; &lt;PID&gt; &lt;MSGID&gt; - [key1:value1; key2:value2; ... ]</pre>
<p>For example:</p><pre>&lt;134&gt;1 2018-03-21 17:25:25 MDS-72 CheckPoint 13752 - [action:"Update"; flags:"150784"; ifdir:"inbound"; logid:"160571424"; loguid:"{0x5ab27965,0x0,0x5b20a8c0,0x7d5707b6}";]</pre>
<p>Splunk format:</p><pre>time=1557767758|hostname=r80test|product=Firewall|layer_name=Network|layer_uuid=c0264a80-1832-4fce-8a90-d0849dc4ba33|match_id=1|parent_rule=0|rule_action=Accept|rule_uid=4420bdc0-19f3-4a3e-8954-03b742cd3aee|action=Accept|ifdir=inbound|ifname=eth0|logid=0|loguid={0x5cd9a64e,0x0,0x5060a8c0,0xc0000001}|origin=192.168.96.80|originsicname=cn\=cp_mgmt,o\=r80test..ymydp2|sequencenum=1|time=1557767758|version=5|dst=192.168.96.80|inzone=Internal|outzone=Local|proto=6|s_port=63945|service=443|service_id=https|src=192.168.96.27|</pre>
<p>If you find a message that the <span class="Code">checkpoint-parser()</span> cannot properly parse, <a href="[%=General.contact-support-link%]">[%=General.contact-support-text%]</a> so we can improve the parser.</p>
<p>If you find a message that the <span class="Code">checkpoint-parser()</span> cannot properly parse, <a href="https://www.syslog-ng.com/support/">contact Support</a>, so we can improve the parser.</p>
<p>By default, the Check Point-specific fields are extracted into name-value pairs prefixed with <b class="UI">.checkpoint</b>. For example, the <b class="UI">action</b> in the previous message becomes <b class="UI">${.checkpoint.action}</b>. You can change the prefix using the <span class="Code">prefix</span> option of the parser.</p>
<div>
<h6>Declaration:</h6><pre>@version: <MadCap:variable name="Version.techversion" />
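Review bot: the support link is now the literal `https://www.syslog-ng.com/support/` with the text "contact Support", and the same literal and text are pasted into four other parser pages in this commit. Putting the link into a shared snippet (the way CopyrightTitle.flsnp is used in documentation-license.htm) would keep the five copies from drifting if the support URL changes.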
2 changes: 1 addition & 1 deletion Content/Guides/syslog-ng-guide-admin/parser-fortigate.htm
Expand Up @@ -14,7 +14,7 @@ <h1 name="parser-fortigate">Fortigate parser</h1>
</MadCap:keyword>
<p>The Fortigate parser can parse the log messages of FortiGate/FortiOS (Fortigate Next-Generation Firewall (NGFW)). These messages do not completely comply with the syslog RFCs, making them difficult to parse. The <span class="Code">fortigate-parser()</span> of <MadCap:variable name="General.abbrev" /> solves this problem, and can separate these log messages to name-value pairs. For details on using value-pairs in syslog-ng OSE see Structuring macros, metadata, and other value-pairs. The parser can parse messages in the following format:</p><pre>&lt;PRI&gt;&lt;NAME=VALUE PAIRS&gt;</pre>
<p>For example:</p><pre>&lt;189&gt;date=2021-01-15 time=12:58:59 devname="FORTI_111" devid="FG100D3G12801312" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" eventtime=1610704739683510055 tz="+0300" srcip=91.234.154.139 srcname="91.234.154.139" srcport=45295 srcintf="wan1" srcintfrole="wan" dstip=213.59.243.9 dstname="213.59.243.9" dstport=46730 dstintf="unknown0" dstintfrole="undefined" sessionid=2364413215 proto=17 action="deny" policyid=0 policytype="local-in-policy" service="udp/46730" dstcountry="Russian Federation" srccountry="Russian Federation" trandisp="noop" app="udp/46730" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=5 craction=262144 crlevel="low"</pre>
<p>If you find a message that the <span class="Code">fortigate-parser()</span> cannot properly parse, <a href="[%=General.contact-support-link%]">[%=General.contact-support-text%]</a> so we can improve the parser.</p>
<p>If you find a message that the <span class="Code">fortigate-parser()</span> cannot properly parse, <a href="https://www.syslog-ng.com/support/">contact Support</a>, so we can improve the parser.</p>
<p>By default, the Fortigate-specific fields are extracted into name-value pairs prefixed with <span class="Code">.fortigate.</span> For example, the devname in the previous message becomes <span class="Code">${.fortigate.devname}.</span> You can change the prefix using the prefix option of the parser.</p>
<div>
<h6>Declaration:</h6><pre>@version: <MadCap:variable name="Version.techversion"></MadCap:variable>
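Review bot: the context line describing value-pairs cites "Structuring macros, metadata, and other value-pairs" as plain text, whereas the Check Point, Netskope and Websense pages link it with a `MadCap:xref` to concepts-value-pairs.htm; since this page is being edited anyway, add the same xref. The sample message also uses routable public addresses (91.234.154.139, 213.59.243.9); a documentation-reserved range such as 192.0.2.0/24 would avoid pointing readers at real hosts.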
3 changes: 2 additions & 1 deletion Content/Guides/syslog-ng-guide-admin/parser-netskope.htm
@@ -1,6 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd" MadCap:conditions="General.OSE">
<head>
<link href="../../Resources/TableStyles/RuledTableWithHeading_DoNotEdit.css" rel="stylesheet" MadCap:stylesheetType="table" />
<meta name="description" content="" />
</head>
<body name="Netskope-parser">
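Review bot: same empty `content=""` description as in compiling-syslog-ng.htm in this commit; fill it in or omit the element. The RuledTableWithHeading stylesheet link is only needed if the page contains a table in that style, and none is visible in the hunks of this file, so confirm the table exists further down before merging.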
Expand All @@ -15,7 +16,7 @@ <h1 name="Netskope-parser">Netskope parser</h1>
</MadCap:keyword>
<p>The Netskope parser can parse Netskope log messages. These messages do not completely comply with the syslog RFCs, making them difficult to parse. The <span class="Code">netskope-parser()</span> of <MadCap:variable name="General.abbrev"></MadCap:variable> solves this problem, and can separate these log messages to name-value pairs. For details on using value-pairs in <MadCap:variable name="General.abbrev"></MadCap:variable> see <MadCap:xref href="concepts-value-pairs.htm"><span style="color: #04aada;" class="mcFormatColor">Structuring macros, metadata, and other value-pairs</span></MadCap:xref>. The parser can parse messages in the following format:</p><pre>&lt;PRI&gt;{JSON-formatted-log-message}</pre>
<p>For example:</p><pre>&lt;134&gt;{"count": 1, "supporting_data": {"data_values": ["x.x.x.x", "user@domain.com"], "data_type": "user"}, "organization_unit": "domain/domain/Domain Users/Enterprise Users", "severity_level": 2, "category": null, "timestamp": 1547421943, "_insertion_epoch_timestamp": 1547421943, "ccl": "unknown", "user": "user@domain.com", "audit_log_event": "Login Successful", "ur_normalized": "user@domain.com", "_id": "936289", "type": "admin_audit_logs", "appcategory": null}</pre>
<p>If you find a message that the <span class="Code">netskope-parser()</span> cannot properly parse, <a href="[%=General.contact-support-link%]">[%=General.contact-support-text%]</a> so we can improve the parser.</p>
<p>If you find a message that the <span class="Code">netskope-parser()</span> cannot properly parse, <a href="https://www.syslog-ng.com/support/">contact Support</a>, so we can improve the parser.</p>
<p>The <MadCap:variable name="General.abbrev"></MadCap:variable> application sets the <span class="Code">${PROGRAM}</span> field to <span class="Code">Netskope</span>.</p>
<p>By default, the Netskope-specific fields are extracted into name-value pairs prefixed with <span class="Code">.netskope</span>. For example, the <span class="Code">organization_unit</span> in the previous message becomes <span class="Code">${.netskope.organization_unit}</span>. You can change the prefix using the <b class="Code">prefix</b> option of the parser.</p>
<div>
2 changes: 1 addition & 1 deletion Content/Guides/syslog-ng-guide-admin/parser-websense.htm
Expand Up @@ -16,7 +16,7 @@ <h1 name="websense-parser">Websense parser</h1>
</MadCap:keyword>
<p>The Websense parser can parse the log messages of Websense Content Gateway (Raytheon|Websense, now Forcepoint). These messages do not completely comply with the syslog RFCs, making them difficult to parse. The <span class="Code">websense-parser()</span> of <MadCap:variable name="General.abbrev"></MadCap:variable> solves this problem, and can separate these log messages to name-value pairs. For details on using value-pairs in <MadCap:variable name="General.abbrev"></MadCap:variable> see <MadCap:xref href="concepts-value-pairs.htm"><span style="color: #04aada;" class="mcFormatColor">Structuring macros, metadata, and other value-pairs</span></MadCap:xref>. The parser can parse messages in the following format:</p><pre>&lt;PRI&gt;&lt;DATE&gt; &lt;TIMEZONE&gt; &lt;IP-ADDRESS&gt; &lt;NAME=VALUE PAIRS&gt;</pre>
<p>For example:</p><pre>&lt;159&gt;Dec 19 10:48:57 EST 192.168.1.1 vendor=Websense product=Security product_version=7.7.0 action=permitted severity=1 category=153 user=- src_host=192.168.2.1 src_port=62189 dst_host=example.com dst_ip=192.168.3.1 dst_port=443 bytes_out=197 bytes_in=76 http_response=200 http_method=CONNECT http_content_type=- http_user_agent=Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_enUS;_rv:1.9.2.23)_Gecko/20110920_Firefox/3.6.23 http_proxy_status_code=200 reason=- disposition=1034 policy=- role=8 duration=0 url=https://example.com</pre>
<p>If you find a message that the <span class="Code">websense-parser()</span> cannot properly parse, <a href="[%=General.contact-support-link%]">[%=General.contact-support-text%]</a> so we can improve the parser.</p>
<p>If you find a message that the <span class="Code">websense-parser()</span> cannot properly parse, <a href="https://www.syslog-ng.com/support/">contact Support</a>, so we can improve the parser.</p>
<p>The <MadCap:variable name="General.abbrev"></MadCap:variable> application sets the <span class="Code">${PROGRAM}</span> field to <span class="Code">Websense</span>.</p>
<p>By default, the websense-specific fields are extracted into name-value pairs prefixed with <span class="Code">.websense</span>. For example, the <span class="Code">product_version</span> in the previous message becomes <span class="Code">${.websense.product_version}</span>. You can change the prefix using the <b class="Code">prefix</b> option of the parser.</p>
<div>
2 changes: 1 addition & 1 deletion Content/Guides/syslog-ng-guide-admin/report-bugs.htm
Expand Up @@ -5,6 +5,6 @@
</head>
<body name="report-bugs">
<h1 name="report-bugs"><a name="report-bugs"></a>Reporting bugs and finding help</h1>
<p>If you need help, want to open a support ticket, or report a bug, we recommend using the <b class="Code">syslog-ng-debun</b> tool to collect information about your environment and <MadCap:variable name="General.abbrev"></MadCap:variable> version. For details, see <MadCap:xref href="../manpages/syslog-ng-debun.1.html"><span style="color: #04aada;" class="mcFormatColor">The syslog-ng-debun manual page</span></MadCap:xref>. For support contacts, see <MadCap:xref href="../../Common/AboutCompany.htm"><span style="color: #04aada;" class="mcFormatColor">About us</span></MadCap:xref>.</p>
<p>If you need help, want to open a support ticket, or report a bug, we recommend using the <b class="Code">syslog-ng-debun</b> tool to collect information about your environment and <MadCap:variable name="General.abbrev" /> version. For details, see the <i class="Guide">syslog-ng-debun manual page</i>. For support contacts, see <MadCap:xref href="../../Common/AboutCompany.htm"><span style="color: #04aada;" class="mcFormatColor">About us</span></MadCap:xref>.</p>
</body>
</html>
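Review bot: the `MadCap:xref` to `../manpages/syslog-ng-debun.1.html` is replaced by unlinked italic text, so readers lose the only navigation to the syslog-ng-debun manual page the sentence tells them to read. If the manpages directory is no longer part of the OSE build, note that in the commit message and link to wherever the man page is now published; otherwise keep the xref. The self-closing `<MadCap:variable name="General.abbrev" />` form is fine and matches the other pages.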