Merge pull request #2708 from Security-Onion-Solutions/bugfix/telegraf-zombie-procs

Bugfix/telegraf zombie procs

salt/common/files/log-rotate.conf

@@ -18,6 +18,7 @@
 /opt/so/log/filebeat/*.log
 /opt/so/log/telegraf/*.log
 /opt/so/log/redis/*.log
+/opt/so/log/stenographer/*.log
 /opt/so/log/salt/so-salt-minion-check
 /opt/so/log/salt/minion
 /opt/so/log/salt/master

salt/telegraf/etc/telegraf.conf

@@ -670,47 +670,52 @@
 {% if grains['role'] in ['so-manager', 'so-managersearch'] %}
 [[inputs.exec]]
    commands = [
-     "/scripts/redis.sh",
-     "/scripts/influxdbsize.sh"
+      "/scripts/redis.sh",
+      "/scripts/influxdbsize.sh"
    ]
-   data_format = "influx"
+  data_format = "influx"
+  ## Timeout for each command to complete.
+  timeout = "15s"
 {% elif grains['role'] in ['so-sensor', 'so-heavynode'] %}
 [[inputs.exec]]
    commands = [
-     "/scripts/stenoloss.sh",
-     "/scripts/suriloss.sh",
-     "/scripts/checkfiles.sh",
-     "/scripts/zeekloss.sh",
-     "/scripts/zeekcaptureloss.sh",
-     "/scripts/oldpcap.sh"
+      "/scripts/stenoloss.sh",
+      "/scripts/suriloss.sh",
+      "/scripts/checkfiles.sh",
+      "/scripts/zeekloss.sh",
+      "/scripts/zeekcaptureloss.sh",
+      "/scripts/oldpcap.sh"
    ]
-   data_format = "influx"
+  data_format = "influx"
+  timeout = "15s"
 {% elif grains['role'] == 'so-standalone' %}
 [[inputs.exec]]
    commands = [
-     "/scripts/redis.sh",
-     "/scripts/influxdbsize.sh",
-     "/scripts/stenoloss.sh",
-     "/scripts/suriloss.sh",
-     "/scripts/checkfiles.sh",
-     "/scripts/zeekloss.sh",
-     "/scripts/zeekcaptureloss.sh",
-     "/scripts/oldpcap.sh"
+      "/scripts/redis.sh",
+      "/scripts/influxdbsize.sh",
+      "/scripts/stenoloss.sh",
+      "/scripts/suriloss.sh",
+      "/scripts/checkfiles.sh",
+      "/scripts/zeekloss.sh",
+      "/scripts/zeekcaptureloss.sh",
+      "/scripts/oldpcap.sh"
    ]
-   data_format = "influx"
+  data_format = "influx"
+  timeout = "15s"
 {% elif grains['role'] == 'so-eval' %}
 [[inputs.exec]]
    commands = [
-     "/scripts/redis.sh",
-     "/scripts/stenoloss.sh",
-     "/scripts/suriloss.sh",
-     "/scripts/checkfiles.sh",
-     "/scripts/zeekloss.sh",
-     "/scripts/zeekcaptureloss.sh",
-     "/scripts/oldpcap.sh",
-     "/scripts/influxdbsize.sh"
+      "/scripts/redis.sh",
+      "/scripts/stenoloss.sh",
+      "/scripts/suriloss.sh",
+      "/scripts/checkfiles.sh",
+      "/scripts/zeekloss.sh",
+      "/scripts/zeekcaptureloss.sh",
+      "/scripts/oldpcap.sh",
+      "/scripts/influxdbsize.sh"
    ]
-   data_format = "influx"
+  data_format = "influx"
+  timeout = "15s"
 {% elif grains['role'] == 'so-helix' %}
 [[inputs.exec]]
   commands = [
@@ -723,19 +728,16 @@
     "/scripts/helixeps.sh"
   ]
   data_format = "influx"
+  timeout = "15s"
 {% endif %}
 
-#
-#   ## Timeout for each command to complete.
-#   timeout = "5s"
-#
-#   ## measurement name suffix (for separating different commands)
-#   name_suffix = "_mycollector"
-#
-#   ## Data format to consume.
-#   ## Each data format has its own unique set of configuration options, read
-#   ## more about them here:
-#   ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
+  ## measurement name suffix (for separating different commands)
+  # name_suffix = "_mycollector"
+
+  ## Data format to consume.
+  ## Each data format has its own unique set of configuration options, read
+  ## more about them here:
+  ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
 
 
 

salt/telegraf/init.sls

@@ -48,6 +48,7 @@ so-telegraf:
       - HOST_MOUNT_PREFIX=/host
       - GODEBUG=x509ignoreCN=0
     - network_mode: host
+    - init: True
     - binds:
       - /opt/so/log/telegraf:/var/log/telegraf:rw
       - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro