CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix Eval Event Pickup x2

Browse Source
This commit is contained in:
Mike Reeves
2020-01-30 16:16:21 -05:00
parent 5c64d19c01
commit 1e0d0d74e1
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/logstash/init.sls
View File

@@ -130,7 +130,7 @@ lspipelinesyml:
- name: /opt/so/conf/logstash/etc/pipelines.yml
- source: salt://logstash/etc/pipelines.yml.jinja
- template: jinja
- defaults:
- defaults:
pipelines: {{ pipelines }}
# Copy down all the configs including custom - TODO add watch restart
@@ -166,7 +166,7 @@ lsconfsync:
- source: salt://logstash/conf/conf.enabled.txt.so-master
{% else %}
- source: salt://logstash/conf/conf.enabled.txt.{{ nodetype }}
{% endif %}
{% endif %}
- user: 931
- group: 939
- template: jinja
@@ -241,6 +241,10 @@ so-logstash:
{%- if grains['role'] == 'so-eval' %}
- /nsm/bro:/nsm/bro:ro
- /opt/so/log/suricata:/suricata:ro
- /opt/so/wazuh/logs/alerts/:/wazuh/alerts:ro
- /opt/so/wazuh/logs/archives/:/wazuh/archives:ro
- /opt/so/log/fleet/:/osquery/logs:ro
- /opt/so/log/strelka:/strelka:ro
{%- endif %}
- watch:
- file: /opt/so/conf/logstash/etc