Suricata Module - Fix Jinja

salt/filebeat/etc/filebeat.yml

@@ -11,7 +11,7 @@ filebeat.modules:
 # List of prospectors to fetch data.
 filebeat.prospectors:
 #------------------------------ Log prospector --------------------------------
-{%- if BROVER != SURICATA %}
+{%- if BROVER != 'SURICATA' %}
 {%- for LOGNAME in salt['pillar.get']('brologs:enabled', '')  %}
   - type: log
     paths:

salt/suricata/files/suricataMETA.yaml

@@ -280,7 +280,6 @@ outputs:
       append: yes
       #extended: yes     # enable this for extended logging information
       #custom: yes       # enabled the custom logging format (defined by customformat)
-      #customformat: "%{%D-%H:%M:%S}t.%z %{X-Forwarded-For}i %H %m %h %u %s %B %a:%p -> %A:%P"
       #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
 
   # a line based log of TLS handshake parameters (no alerts)
@@ -290,7 +289,6 @@ outputs:
       append: yes
       #extended: yes     # Log extended information like fingerprint
       #custom: yes       # enabled the custom logging format (defined by customformat)
-      #customformat: "%{%D-%H:%M:%S}t.%z %a:%p -> %A:%P %v %n %d %D"
       #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
       # output TLS transaction where the session is resumed using a
       # session id

salt/suricata/init.sls

@@ -83,4 +83,4 @@ so-suricata:
     - network_mode: host
     - watch:
       - file: /opt/so/conf/suricata/suricata.yaml
-      - file: /opt/so/conf/rules/all.rules
+      - file: /opt/so/conf/suricata/rules/all.rules