CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-19 23:43:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make Filebeat registry persistent to avoid re-reading old data

Browse Source
This commit is contained in:
Wes Lambert
2020-10-05 13:30:04 +00:00
parent cf5b1245ea
commit 1970d95d5f
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
salt/filebeat/init.sls
View File

@@ -44,6 +44,12 @@ filebeatpkidir:
- user: 939 - user: 939
- group: 939 - group: 939
- makedirs: True - makedirs: True
fileregistrydir:
file.directory:
- name: /opt/so/conf/filebeat/registry
- user: 939
- group: 939
- makedirs: True
# This needs to be owned by root # This needs to be owned by root
filebeatconfsync: filebeatconfsync:
file.managed: file.managed:
@@ -69,6 +75,7 @@ so-filebeat:
- /nsm/wazuh/logs/archives:/wazuh/archives:ro - /nsm/wazuh/logs/archives:/wazuh/archives:ro
- /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
- /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
- /opt/so/conf/filebeat/registry:/usr/share/filebeat/data/registry:rw
- /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro - /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro
- port_bindings: - port_bindings:
- 0.0.0.0:514:514/udp - 0.0.0.0:514:514/udp
@@ -81,4 +88,4 @@ filebeat_state_not_allowed:
test.fail_without_changes: test.fail_without_changes:
- name: filebeat_state_not_allowed - name: filebeat_state_not_allowed
{% endif %} {% endif %}