From a21ffaecc8fba94ac1b5f03c92e882ea9e955aac Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Fri, 13 Mar 2020 15:05:25 -0400
Subject: [PATCH] add option to compress archived logs for zeekctl -
 https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/97

---
 salt/zeek/defaults.yml            | 1 +
 salt/zeek/files/zeekctl.cfg.jinja | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/salt/zeek/defaults.yml b/salt/zeek/defaults.yml
index 1fb159805..07393abeb 100644
--- a/salt/zeek/defaults.yml
+++ b/salt/zeek/defaults.yml
@@ -14,3 +14,4 @@ zeek:
     LogDir: /nsm/zeek/logs
     SpoolDir: /nsm/zeek/spool
     CfgDir: /opt/zeek/etc
+    CompressLogs: 1
diff --git a/salt/zeek/files/zeekctl.cfg.jinja b/salt/zeek/files/zeekctl.cfg.jinja
index db486a6fd..d3b2f27da 100644
--- a/salt/zeek/files/zeekctl.cfg.jinja
+++ b/salt/zeek/files/zeekctl.cfg.jinja
@@ -73,3 +73,6 @@ SpoolDir = {{ ZEEKCTL.SpoolDir }}
 # Location of other configuration files that can be used to customize
 # ZeekControl operation (e.g. local networks, nodes).
 CfgDir = {{ ZEEKCTL.CfgDir }}
+
+# True to compress archived log files
+CompressLogs = {{ ZEEKCTL.CompressLogs }}