CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-28 19:03:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

exclude zeekcaptureloss when suricata metadata selected https://github.com/Security-Onion-Solutions/securityonion/issues/3206

Browse Source
This commit is contained in:
m0duspwnens
2021-03-01 13:31:05 -05:00
parent 8f8651c52c
commit 3983e08fe5
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/telegraf/etc/telegraf.conf
View File

@@ -684,8 +684,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
"/scripts/oldpcap.sh",
"/scripts/raid.sh"
]
@@ -697,8 +699,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
"/scripts/oldpcap.sh",
"/scripts/eps.sh",
"/scripts/raid.sh"
@@ -713,8 +717,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
"/scripts/oldpcap.sh",
"/scripts/eps.sh",
"/scripts/raid.sh"
@@ -728,8 +734,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
"/scripts/oldpcap.sh",
"/scripts/influxdbsize.sh",
"/scripts/raid.sh"
@@ -742,8 +750,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
"/scripts/oldpcap.sh",
"/scripts/helixeps.sh"
]

3
salt/telegraf/init.sls
View File

@@ -29,6 +29,9 @@ tgrafsyncscripts:
- file_mode: 700
- template: jinja
- source: salt://telegraf/scripts
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'SURICATA' %}
- exclude_pat: zeekcaptureloss.sh
{% endif %}
tgrafconf:
file.managed: