Merge remote-tracking branch 'remotes/origin/2.4/dev' into 2.4/kibanauser

2025-12-06 09:12:45 +01:00 · 2023-10-25 11:33:38 -04:00
parent 3ad480453a d562445686
commit 1e710a22ce
5 changed files with 5 additions and 4 deletions
--- a/salt/elasticsearch/files/ingest/suricata.common
+++ b/salt/elasticsearch/files/ingest/suricata.common
@@ -2,6 +2,7 @@
  "description" : "suricata.common",
  "processors" : [
    { "json":   { "field": "message",                   "target_field": "message2",             "ignore_failure": true  } },
+    { "rename": { "field": "message2.pkt_src",          "target_field": "network.packet_source","ignore_failure": true  } },
    { "rename": { "field": "message2.proto",            "target_field": "network.transport",    "ignore_failure": true  } },
    { "rename": { "field": "message2.flow_id",          "target_field": "log.id.uid",           "ignore_failure": true  } },
    { "rename": { "field": "message2.src_ip",           "target_field": "source.ip",            "ignore_failure": true  } },
--- a/salt/pcap/config.sls
+++ b/salt/pcap/config.sls
@@ -41,7 +41,7 @@ pcap_sbin:
    - file_mode: 755

 {% if PCAPBPF %}
-   {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + PCAPBPF|join(" "),cwd='/root') %}
+   {% set BPF_CALC = salt['cmd.script']('salt://common/tools/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + PCAPBPF|join(" "),cwd='/root') %}
   {% if BPF_CALC['stderr'] == "" %}
      {% set BPF_COMPILED =  ",\\\"--filter=" + BPF_CALC['stdout'] + "\\\""  %}
   {% else  %}
--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -129,7 +129,7 @@ surithresholding:

 # BPF compilation and configuration
 {% if SURICATABPF %}
-   {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + SURICATABPF|join(" "),cwd='/root') %}
+   {% set BPF_CALC = salt['cmd.script']('salt://common/tools/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + SURICATABPF|join(" "),cwd='/root') %}
   {% if BPF_CALC['stderr'] == "" %}
      {% set BPF_STATUS = 1  %}
   {% else  %}
--- a/salt/suricata/defaults.yaml
+++ b/salt/suricata/defaults.yaml
@@ -280,7 +280,7 @@ suricata:
        mqtt:
          enabled: 'no'
        http2:
-          enabled: 'no'
+          enabled: 'yes'
    asn1-max-frames: 256
    run-as:
      user: suricata
--- a/salt/zeek/config.sls
+++ b/salt/zeek/config.sls
@@ -152,7 +152,7 @@ plcronscript:

 # BPF compilation and configuration
 {% if ZEEKBPF %}
-   {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + ZEEKBPF|join(" "),cwd='/root') %}
+   {% set BPF_CALC = salt['cmd.script']('salt://common/tools/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + ZEEKBPF|join(" "),cwd='/root') %}
   {% if BPF_CALC['stderr'] == "" %}
       {% set BPF_STATUS = 1  %}
  {% else  %}