few more

2025-12-06 09:12:45 +01:00 · 2022-09-20 15:25:50 -04:00
parent 75aa121b2d
commit 1685e0e6db
2 changed files with 13 additions and 11 deletions
--- a/salt/zeek/defaults.yaml
+++ b/salt/zeek/defaults.yaml
@@ -1,9 +1,10 @@
 zeek:
  config:
    node:
-      lb_procs: 1
-      zeek_pins_enabled: False
-      zeek_pins: []
+      lb_procs: 0
+      pins_enabled: False
+      pins: []
+      buffer: 128*1024*1024
    zeekctl:
      MailTo: root@localhost
      MailConnectionSummary: 1
@@ -21,7 +22,7 @@ zeek:
      CfgDir: /opt/zeek/etc
      CompressLogs: 1
    local:
-      load:
+      '@load':
        - misc/loaded-scripts
        - tuning/defaults
        - misc/capture-loss
@@ -53,7 +54,7 @@ zeek:
        - securityonion/bpfconf
        - securityonion/communityid
        - securityonion/file-extraction
-      load-sigs:
+      '@load-sigs':
        - frameworks/signatures/detect-windows-shells
      redef:
        - LogAscii::use_json = T;
--- a/salt/zeek/files/node.cfg.jinja
+++ b/salt/zeek/files/node.cfg.jinja
@@ -1,3 +1,4 @@
+{%- if NODE.pins or NODE.lb_procs %}
 [manager]
 type=manager
 host=localhost
@@ -15,17 +16,17 @@ type=worker
 host=localhost
 interface=af_packet::{{ NODE.interface }}
 lb_method=custom
-  {%- if NODE.lbprocs %}
-lb_procs={{ NODE.lbprocs }}
+  {%- if NODE.lb_procs %}
+lb_procs={{ NODE.lb_procs }}
    {%- else %}
-lb_procs={{ NODE.zeek_pins | length }}
+lb_procs={{ NODE.pins | length }}
  {%- endif %}
-  {%- if NODE.zeek_pins %}
-pin_cpus={{ NODE.zeek_pins | join(", ") }}
+  {%- if NODE.pins %}
+pin_cpus={{ NODE.pins | join(", ") }}
  {%- endif %}
 af_packet_fanout_id=23
 af_packet_fanout_mode=AF_Packet::FANOUT_HASH
-af_packet_buffer_size={{ NODE.zeek_buffer }}
+af_packet_buffer_size={{ NODE.buffer }}
 {%- else %}
 [zeeksa]
 type=standalone