The documentation references modifying the xml file. However, when I use configupdate.sh I don't see that xml file modified. It is missing a lot of parameters that are specified in the documentation.

I'm wondering if the documentation is correct to add those parameters or if the ism-configuration.properties is sufficient for the configuration.

Another piece of the documentation references to use upper case "TCP" with tls configured? Not sure if I should specify TCP for the protocol or TLS. If I use TLS should I be pointing to a cert from the sentinel box?

Any example config files showing it working?

I have the eDir CEF instrumentation working, so I think I just need some examples of a working environment. I'm assuming it is using syslog ssl or tcp connectors

thanks,
Fred