The documentation references modifying the xml file. However, when I use I don't see that xml file modified. It is missing a lot of parameters that are specified in the documentation.

I'm wondering if the documentation is correct to add those parameters or if the is sufficient for the configuration.

Another piece of the documentation references to use upper case "TCP" with tls configured? Not sure if I should specify TCP for the protocol or TLS. If I use TLS should I be pointing to a cert from the sentinel box?

Any example config files showing it working?

I have the eDir CEF instrumentation working, so I think I just need some examples of a working environment. I'm assuming it is using syslog ssl or tcp connectors