Merge pull request #292 from Security-Onion-Solutions/bugfix/evalproblem
Fix Eval Event Pickup x2
@@ -130,7 +130,7 @@ lspipelinesyml:
|
|||||||
- name: /opt/so/conf/logstash/etc/pipelines.yml
|
- name: /opt/so/conf/logstash/etc/pipelines.yml
|
||||||
- source: salt://logstash/etc/pipelines.yml.jinja
|
- source: salt://logstash/etc/pipelines.yml.jinja
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- defaults:
|
- defaults:
|
||||||
pipelines: {{ pipelines }}
|
pipelines: {{ pipelines }}
|
||||||
|
|
||||||
# Copy down all the configs including custom - TODO add watch restart
|
# Copy down all the configs including custom - TODO add watch restart
|
||||||
@@ -166,7 +166,7 @@ lsconfsync:
|
|||||||
- source: salt://logstash/conf/conf.enabled.txt.so-master
|
- source: salt://logstash/conf/conf.enabled.txt.so-master
|
||||||
{% else %}
|
{% else %}
|
||||||
- source: salt://logstash/conf/conf.enabled.txt.{{ nodetype }}
|
- source: salt://logstash/conf/conf.enabled.txt.{{ nodetype }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- user: 931
|
- user: 931
|
||||||
- group: 939
|
- group: 939
|
||||||
- template: jinja
|
- template: jinja
|
||||||
@@ -241,6 +241,10 @@ so-logstash:
|
|||||||
{%- if grains['role'] == 'so-eval' %}
|
{%- if grains['role'] == 'so-eval' %}
|
||||||
- /nsm/bro:/nsm/bro:ro
|
- /nsm/bro:/nsm/bro:ro
|
||||||
- /opt/so/log/suricata:/suricata:ro
|
- /opt/so/log/suricata:/suricata:ro
|
||||||
|
- /opt/so/wazuh/logs/alerts/:/wazuh/alerts:ro
|
||||||
|
- /opt/so/wazuh/logs/archives/:/wazuh/archives:ro
|
||||||
|
- /opt/so/log/fleet/:/osquery/logs:ro
|
||||||
|
- /opt/so/log/strelka:/strelka:ro
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
- watch:
|
- watch:
|
||||||
- file: /opt/so/conf/logstash/etc
|
- file: /opt/so/conf/logstash/etc
|
||||||
|
|||||||
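Review bot: The four bind mounts added under the `so-eval` branch (`/opt/so/wazuh/logs/alerts/`, `/opt/so/wazuh/logs/archives/`, `/opt/so/log/fleet/`, `/opt/so/log/strelka`) have nothing visible in this hunk that guarantees the host directories exist before the container starts. Docker creates a missing bind-mount source as a root-owned directory, which can later keep Wazuh, Fleet or Strelka from writing their logs there, so the container state should require the `file.directory` states that create these paths with the intended owner, if such states exist elsewhere in the file (the hunk does not show them). The `:ro` flag on all four is the right choice and should stay, since Logstash only needs to read these logs. The host paths also mix trailing-slash and no-slash forms; writing them as `- /opt/so/log/fleet:/osquery/logs:ro` would match the existing `/nsm/bro` and suricata lines. The `so-logstash` state begins and ends outside the hunk.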