From 1685e0e6db563a7374eee749dc486e5362cbf8e3 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 20 Sep 2022 15:25:50 -0400
Subject: [PATCH] few more
---
 salt/zeek/defaults.yaml | 11 ++++++-----
 salt/zeek/files/node.cfg.jinja | 13 +++++++------
 2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/salt/zeek/defaults.yaml b/salt/zeek/defaults.yaml
index eb7ce8453..681f29df0 100644
--- a/salt/zeek/defaults.yaml
+++ b/salt/zeek/defaults.yaml
@@ -1,9 +1,10 @@
 zeek:
 config:
 node:
- lb_procs: 1
- zeek_pins_enabled: False
- zeek_pins: []
+ lb_procs: 0
+ pins_enabled: False
+ pins: []
+ buffer: 128*1024*1024
 zeekctl:
 MailTo: root@localhost
 MailConnectionSummary: 1
@@ -21,7 +22,7 @@ zeek:
 CfgDir: /opt/zeek/etc
 CompressLogs: 1
 local:
- load:
+ '@load':
 - misc/loaded-scripts
 - tuning/defaults
 - misc/capture-loss
@@ -53,7 +54,7 @@ zeek:
 - securityonion/bpfconf
 - securityonion/communityid
 - securityonion/file-extraction
- load-sigs:
+ '@load-sigs':
 - frameworks/signatures/detect-windows-shells
 redef:
 - LogAscii::use_json = T;
diff --git a/salt/zeek/files/node.cfg.jinja b/salt/zeek/files/node.cfg.jinja
index f852e2ef0..9ef06bd5a 100644
--- a/salt/zeek/files/node.cfg.jinja
+++ b/salt/zeek/files/node.cfg.jinja
@@ -1,3 +1,4 @@
+{%- if NODE.pins or NODE.lb_procs %}
 [manager]
 type=manager
 host=localhost
@@ -15,17 +16,17 @@ type=worker
 host=localhost
 interface=af_packet::{{ NODE.interface }}
 lb_method=custom
- {%- if NODE.lbprocs %}
-lb_procs={{ NODE.lbprocs }}
+ {%- if NODE.lb_procs %}
+lb_procs={{ NODE.lb_procs }}
 {%- else %}
-lb_procs={{ NODE.zeek_pins | length }}
+lb_procs={{ NODE.pins | length }}
 {%- endif %}
- {%- if NODE.zeek_pins %}
-pin_cpus={{ NODE.zeek_pins | join(", ") }}
+ {%- if NODE.pins %}
+pin_cpus={{ NODE.pins | join(", ") }}
 {%- endif %}
 af_packet_fanout_id=23
 af_packet_fanout_mode=AF_Packet::FANOUT_HASH
-af_packet_buffer_size={{ NODE.zeek_buffer }}
+af_packet_buffer_size={{ NODE.buffer }}
 {%- else %}
 [zeeksa]
 type=standalone
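Review bot: `pins_enabled: False` survives the rename but nothing in this commit reads it — node.cfg.jinja decides pinning from `NODE.pins` alone — so a non-empty `pins` list pins CPUs whatever the flag says; either gate the template on it or drop the key so operators are not misled by a switch that does nothing. `buffer: 128*1024*1024` is a YAML string, not an integer; it presumably only works because zeekctl's af_packet plugin forwards `af_packet_buffer_size` to Zeek as a script expression, which deserves a comment such as `# string, evaluated by Zeek as a script expression (bytes); keep the N*1024*1024 form`. `lb_procs: 0` now means "derive the worker count from `pins`, or run standalone when both are unset", which the template encodes but this defaults file does not state — a one-line comment next to it would save the next reader a trip into the Jinja.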
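Review bot: Renaming the key from `load` to `'@load'` (and `load-sigs` to `'@load-sigs'` further down) changes the path every consumer reads it through, and the diffstat lists only defaults.yaml and node.cfg.jinja, so whatever template renders local.zeek — not visible here — presumably still looks up `local.load`; confirm it was updated in a sibling commit, otherwise the generated local.zeek would silently lose its script list. The quoting itself is right, since an unquoted leading `@` is reserved in YAML.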
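Review bot: When both `NODE.lb_procs` and `NODE.pins` are set, `lb_procs` takes precedence and `pin_cpus` is still emitted from the full list, so a count mismatch (say `lb_procs: 4` with two pins) is written into node.cfg without any check; how zeekctl treats that is not visible here, so either add a guard or at least state the precedence in a comment above the worker section, e.g. `{# lb_procs overrides the pin count; keep them equal when both are set #}`. `pins_enabled` from defaults.yaml is never consulted in this template, so pinning is decided solely by the list being non-empty. The `{%- if NODE.pins or NODE.lb_procs %}` / `{%- else %}` block this hunk sits in starts before the hunk and its `endif` lies after it.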