From 3684cdf1c6e07011daee9e84c2e1d469d1728922 Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Wed, 27 May 2020 17:00:09 +0000
Subject: [PATCH] Update FB and LS

---
 salt/filebeat/init.sls | 2 +-
 salt/logstash/init.sls | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 409594b2d..e5dc78d33 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -57,7 +57,7 @@ so-filebeat:
       - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
       - /nsm/zeek:/nsm/zeek:ro
       - /nsm/strelka/log:/nsm/strelka/log:ro
-      - /opt/so/log/suricata:/suricata:ro
+      - /nsm/suricata:/suricata:ro
       - /opt/so/wazuh/logs/alerts:/wazuh/alerts:ro
       - /opt/so/wazuh/logs/archives:/wazuh/archives:ro
       - /nsm/osquery/fleet/:/nsm/osquery/fleet:ro
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index ba0e015f4..1118b6807 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -198,7 +198,7 @@ so-logstash:
       - /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro
       {%- if grains['role'] == 'so-eval' %}
       - /nsm/zeek:/nsm/zeek:ro
-      - /opt/so/log/suricata:/suricata:ro
+      - /nsm/suricata:/suricata:ro
       - /opt/so/wazuh/logs/alerts:/wazuh/alerts:ro
       - /opt/so/wazuh/logs/archives:/wazuh/archives:ro
       - /opt/so/log/fleet/:/osquery/logs:ro