From 0a3c20fccf99878229e7a42ced02211657bdf72e Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 13 Nov 2018 14:10:21 -0500
Subject: [PATCH] Suricata Module - Fix Jinja
---
 salt/filebeat/etc/filebeat.yml | 2 +-
 salt/suricata/files/suricataMETA.yaml | 2 --
 salt/suricata/init.sls | 2 +-
 3 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 4dca9ff91..8b4520a3a 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -11,7 +11,7 @@ filebeat.modules:
 # List of prospectors to fetch data.
 filebeat.prospectors:
 #------------------------------ Log prospector --------------------------------
-{%- if BROVER != SURICATA %}
+{%- if BROVER != 'SURICATA' %}
 {%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %}
 - type: log
 paths:
diff --git a/salt/suricata/files/suricataMETA.yaml b/salt/suricata/files/suricataMETA.yaml
index ff8860630..df6aa878a 100644
--- a/salt/suricata/files/suricataMETA.yaml
+++ b/salt/suricata/files/suricataMETA.yaml
@@ -280,7 +280,6 @@ outputs:
 append: yes
 #extended: yes # enable this for extended logging information
 #custom: yes # enabled the custom logging format (defined by customformat)
- #customformat: "%{%D-%H:%M:%S}t.%z %{X-Forwarded-For}i %H %m %h %u %s %B %a:%p -> %A:%P"
 #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
 # a line based log of TLS handshake parameters (no alerts)
@@ -290,7 +289,6 @@ outputs:
 append: yes
 #extended: yes # Log extended information like fingerprint
 #custom: yes # enabled the custom logging format (defined by customformat)
- #customformat: "%{%D-%H:%M:%S}t.%z %a:%p -> %A:%P %v %n %d %D"
 #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
 # output TLS transaction where the session is resumed using a
 # session id
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index d9f67b172..90ce29e4a 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
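Review bot: In salt/filebeat/etc/filebeat.yml the corrected condition `{%- if BROVER != 'SURICATA' %}` is an exact, case-sensitive string match, so a value such as `suricata` would still render the Bro log prospectors on a sensor that is not producing Bro logs. BROVER is assigned outside this hunk, so how it is populated cannot be confirmed here; if it comes straight from pillar, normalising it at the comparison, `{%- if BROVER | upper != 'SURICATA' %}`, avoids a silent gap in which logs are shipped. The `if` block also closes outside the hunk, so it is worth confirming that `filebeat.prospectors:` is not left empty when the condition is false.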
@@ -83,4 +83,4 @@ so-suricata:
 - network_mode: host
 - watch:
 - file: /opt/so/conf/suricata/suricata.yaml
- - file: /opt/so/conf/rules/all.rules
+ - file: /opt/so/conf/suricata/rules/all.rules
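Review bot: The new watch target `- file: /opt/so/conf/suricata/rules/all.rules` only resolves if a `file` state with that exact name or ID is declared elsewhere in the state tree, and none is visible in this hunk. If the ruleset is still managed under the old `/opt/so/conf/rules/` path, the requisite will not be found and the so-suricata state will fail instead of restarting the container when rules change, leaving the sensor on a stale ruleset. The managing state and the container's bind mount both sit outside this hunk and should be checked against this path. A comment above the entry, `# restart Suricata when the managed ruleset changes`, would record why the watch exists.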