CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into issue/4609

Browse Source
This commit is contained in:
m0duspwnens
2021-06-29 12:05:12 -04:00
parent 3d8cbe9427 95c7a7e9de
commit 2d16463fc6
3 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/influxdb/defaults.yaml
View File

@@ -1,3 +1,5 @@
{% set measurements = salt['cmd.shell']('docker exec -t so-influxdb influx -format json -ssl -unsafeSsl -database telegraf -execute "show measurements" 2> /root/measurement_query.log | jq -r .results[0].series[0].values[]?[0] 2>> /root/measurement_query.log') %}
influxdb: influxdb:
retention_policies: retention_policies:
so_short_term: so_short_term:
@@ -11,3 +13,9 @@ influxdb:
downsample: downsample:
so_long_term: so_long_term:
resolution: 5m resolution: 5m
{% if measurements|length > 0 %}
measurements:
{% for measurement in measurements.splitlines() %}
- {{ measurement }}
{% endfor %}
{% endif %}

9
salt/influxdb/init.sls
View File

@@ -113,11 +113,12 @@ telegraf_database:
{% endfor %} {% endfor %}
{% for dest_rp in influxdb.downsample.keys() %} {% for dest_rp in influxdb.downsample.keys() %}
so_downsample_cq: {% for measurement in influxdb.downsample[dest_rp].get('measurements', []) %}
so_downsample_{{measurement}}_cq:
influxdb_continuous_query.present: influxdb_continuous_query.present:
- name: so_downsample_cq - name: so_downsample_{{measurement}}_cq
- database: telegraf - database: telegraf
- query: SELECT mean(*) INTO "{{dest_rp}}".:MEASUREMENT FROM /.*/ GROUP BY time({{influxdb.downsample[dest_rp].resolution}}),* - query: SELECT mean(*) INTO "{{dest_rp}}"."{{measurement}}" FROM "{{measurement}}" GROUP BY time({{influxdb.downsample[dest_rp].resolution}})
- ssl: True - ssl: True
- verify_ssl: /etc/pki/ca.crt - verify_ssl: /etc/pki/ca.crt
- cert: ['/etc/pki/influxdb.crt', '/etc/pki/influxdb.key'] - cert: ['/etc/pki/influxdb.crt', '/etc/pki/influxdb.key']
@@ -126,7 +127,7 @@ so_downsample_cq:
- docker_container: so-influxdb - docker_container: so-influxdb
- influxdb_database: telegraf_database - influxdb_database: telegraf_database
- file: influxdb_continuous_query.present_patch - file: influxdb_continuous_query.present_patch
- sls: salt.python3-influxdb {% endfor %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}

2
setup/so-whiptail
View File

@@ -220,7 +220,7 @@ whiptail_create_web_user() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
WEBUSER=$(whiptail --title "$whiptail_title" --inputbox \ WEBUSER=$(whiptail --title "$whiptail_title" --inputbox \
"Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for TheHive, Cortex, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3) "Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for Elasticsearch, Kibana, TheHive, Cortex, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus