Change how pcap is written to the minion file

salt/common/tools/sbin/so-minion

@@ -168,13 +168,6 @@ function add_sensor_to_minion() {
 	echo "    config:" >> $PILLARFILE
 	echo "        af-packet:" >> $PILLARFILE
 	echo "            threads: $CORECOUNT" >> $PILLARFILE
-	echo "steno:" >> $PILLARFILE
-	echo "  stenopin: False" >> $PILLARFILE
-	echo "  stenopins:" >> $PILLARFILE
-	echo "    - 3" >> $PILLARFILE
-	echo "  enabled: True" >> $PILLARFILE
-	echo "  disks:" >> $PILLARFILE
-	echo "    - '/some/path'" >> $PILLARFILE
 }
 
 function createSTANDALONE() {

salt/pcap/defaults.yaml

@@ -0,0 +1,11 @@
+pcap:
+    enabled: True
+    config:
+        maxdirectoryfiles: 30000
+        diskfreepercentage: 10
+        blocks: 2048
+        preallocate_file_mb: 4096
+        aiops: 128
+        stenopin: False
+        stenopins: []
+        disks: []

salt/pcap/soc_pcap.yaml

@@ -1,9 +1,9 @@
 pcap:
-  config:
   enabled: 
   description: Enable or Disable Stenographer on all sensors or a single sensor
-    maxfiles:
+  config:
-      description: The maximum number of packet/index files to create before cleaning old ones up. 
+    maxdirectoryfiles:
+      description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space. 
     diskfreepercentage:
       description: The disk space percent to always keep free for pcap
     blocks: