CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-03-23 21:12:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15571 from Security-Onion-Solutions/m0duspwnens-patch-1

Browse Source 
fix enable/disable suricata pcap
This commit is contained in:
Josh Patterson
2026-03-10 11:03:27 -04:00
committed by GitHub
parent 179c1ea7f7 6472c610d0
commit 0d6cb3bd12
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/suricata/map.jinja
View File

@@ -16,7 +16,13 @@
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
{% endif %}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'yes'}) %}
{% set PCAP = salt['pillar.get']('pcap', {'enabled': false}) %}
{% if PCAP.enabled and GLOBALS.role != 'so-import'%}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'yes'}) %}
{% else %}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'no'}) %}
{% endif %}
{# move the items in suricata.pcap into suricata.config.outputs.pcap-log. these items were placed under suricata.config for ease of access in SOC #}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'compression': SURICATAMERGED.pcap.compression}) %}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'lz4-checksum': SURICATAMERGED.pcap['lz4-checksum']}) %}