CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-11 05:40:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move telegraf_output from global pillar to telegraf pillar

Browse Source 
The Telegraf backend selector lived at global.telegraf_output but it is
a Telegraf-scoped setting, not a cross-cutting grid global. Move both
the value and the UI annotation under the telegraf pillar so it shows
up alongside the other Telegraf tuning knobs in the Configuration UI.

- salt/telegraf/defaults.yaml:    add telegraf.output: BOTH
- salt/telegraf/soc_telegraf.yaml: add telegraf.output annotation
- salt/global/defaults.yaml:      remove global.telegraf_output
- salt/global/soc_global.yaml:    remove global.telegraf_output annotation
- salt/vars/globals.map.jinja:    drop telegraf_output from GLOBALS
- salt/firewall/map.jinja:        read via pillar.get('telegraf:output')
- salt/postgres/telegraf_users.sls: read via pillar.get('telegraf:output')
- salt/telegraf/etc/telegraf.conf: read via TELEGRAFMERGED.output
- salt/postgres/tools/sbin/so-stats-show: update user-facing docs

No behavioral change — default stays BOTH.
This commit is contained in:
Mike Reeves
2026-04-20 16:03:02 -04:00
parent b6a3d1889c
commit 3ecd19d085
9 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/firewall/map.jinja
+1 -1
View File
@@ -56,7 +56,7 @@
{% endif %} {% endif %}
{# Open Postgres (5432) to minion hostgroups when Telegraf is configured to write to Postgres #} {# Open Postgres (5432) to minion hostgroups when Telegraf is configured to write to Postgres #}
{% set TG_OUT = (GLOBALS.telegraf_output | default('INFLUXDB')) | upper %} {% set TG_OUT = salt['pillar.get']('telegraf:output', 'BOTH') | upper %}
{% if TG_OUT in ['POSTGRES', 'BOTH'] %} {% if TG_OUT in ['POSTGRES', 'BOTH'] %}
{% if role.startswith('manager') or role == 'standalone' or role == 'eval' %} {% if role.startswith('manager') or role == 'standalone' or role == 'eval' %}
{% for r in ['sensor', 'searchnode', 'heavynode', 'receiver', 'fleet', 'idh', 'desktop', 'import'] %} {% for r in ['sensor', 'searchnode', 'heavynode', 'receiver', 'fleet', 'idh', 'desktop', 'import'] %}
salt/global/defaults.yaml
+1 -2
View File
@@ -1,4 +1,3 @@
global: global:
pcapengine: SURICATA pcapengine: SURICATA
pipeline: REDIS pipeline: REDIS
telegraf_output: BOTH
salt/global/soc_global.yaml
-8
View File
@@ -59,13 +59,5 @@ global:
description: Allows use of Endgame with Security Onion. This feature requires a license from Endgame. description: Allows use of Endgame with Security Onion. This feature requires a license from Endgame.
global: True global: True
advanced: True advanced: True
telegraf_output:
description: Selects the backend(s) Telegraf writes metrics to. INFLUXDB keeps the current behavior; POSTGRES writes to the grid's Postgres instance; BOTH dual-writes for migration validation.
options:
- INFLUXDB
- POSTGRES
- BOTH
global: True
advanced: True
helpLink: influxdb helpLink: influxdb
salt/postgres/telegraf_users.sls
+1 -1
View File
@@ -7,7 +7,7 @@
{% if sls.split('.')[0] in allowed_states %} {% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% set TG_OUT = (GLOBALS.telegraf_output | default('INFLUXDB')) | upper %} {% set TG_OUT = salt['pillar.get']('telegraf:output', 'BOTH') | upper %}
{% if TG_OUT in ['POSTGRES', 'BOTH'] %} {% if TG_OUT in ['POSTGRES', 'BOTH'] %}
# docker_container.running returns as soon as the container starts, but on # docker_container.running returns as soon as the container starts, but on
salt/postgres/tools/sbin/so-stats-show
+2 -2
View File
@@ -24,7 +24,7 @@ Shows the most recent CPU, memory, disk, and load metrics for each host
from the so_telegraf Postgres database. Without an argument, reports on from the so_telegraf Postgres database. Without an argument, reports on
every host that has data. With a host, limits output to that one. every host that has data. With a host, limits output to that one.
Requires: sudo, so-postgres running, global.telegraf_output set to Requires: sudo, so-postgres running, telegraf.output set to
POSTGRES or BOTH. POSTGRES or BOTH.
EOF EOF
exit 1 exit 1
@@ -56,7 +56,7 @@ so_psql() {
} }
if ! docker exec so-postgres psql -U postgres -lqt 2>/dev/null | cut -d\| -f1 | grep -qw so_telegraf; then if ! docker exec so-postgres psql -U postgres -lqt 2>/dev/null | cut -d\| -f1 | grep -qw so_telegraf; then
echo "Database so_telegraf not found. Is global.telegraf_output set to POSTGRES or BOTH?" echo "Database so_telegraf not found. Is telegraf.output set to POSTGRES or BOTH?"
exit 2 exit 2
fi fi
salt/telegraf/defaults.yaml
+1
View File
@@ -1,5 +1,6 @@
telegraf: telegraf:
enabled: False enabled: False
output: BOTH
config: config:
interval: '30s' interval: '30s'
metric_batch_size: 1000 metric_batch_size: 1000
salt/telegraf/etc/telegraf.conf
+1 -1
View File
@@ -8,7 +8,7 @@
{%- set ZEEK_ENABLED = salt['pillar.get']('zeek:enabled', True) %} {%- set ZEEK_ENABLED = salt['pillar.get']('zeek:enabled', True) %}
{%- set MDENGINE = GLOBALS.md_engine %} {%- set MDENGINE = GLOBALS.md_engine %}
{%- set LOGSTASH_ENABLED = LOGSTASH_MERGED.enabled %} {%- set LOGSTASH_ENABLED = LOGSTASH_MERGED.enabled %}
{%- set TG_OUT = GLOBALS.telegraf_output | upper %} {%- set TG_OUT = TELEGRAFMERGED.output | upper %}
{%- set PG_HOST = GLOBALS.manager_ip %} {%- set PG_HOST = GLOBALS.manager_ip %}
{%- set PG_SAFE = GLOBALS.minion_id | replace('.','_') | replace('-','_') | lower %} {%- set PG_SAFE = GLOBALS.minion_id | replace('.','_') | replace('-','_') | lower %}
{%- set PG_USER = 'so_telegraf_' ~ PG_SAFE %} {%- set PG_USER = 'so_telegraf_' ~ PG_SAFE %}
salt/telegraf/soc_telegraf.yaml
+9
View File
@@ -4,6 +4,15 @@ telegraf:
forcedType: bool forcedType: bool
advanced: True advanced: True
helpLink: influxdb helpLink: influxdb
output:
description: Selects the backend(s) Telegraf writes metrics to. INFLUXDB keeps the current behavior; POSTGRES writes to the grid's Postgres instance; BOTH dual-writes for migration validation.
options:
- INFLUXDB
- POSTGRES
- BOTH
global: True
advanced: True
helpLink: influxdb
config: config:
interval: interval:
description: Data collection interval. description: Data collection interval.
salt/vars/globals.map.jinja
-1
View File
@@ -24,7 +24,6 @@
'md_engine': INIT.PILLAR.global.mdengine, 'md_engine': INIT.PILLAR.global.mdengine,
'pcap_engine': GLOBALMERGED.pcapengine, 'pcap_engine': GLOBALMERGED.pcapengine,
'pipeline': GLOBALMERGED.pipeline, 'pipeline': GLOBALMERGED.pipeline,
'telegraf_output': GLOBALMERGED.telegraf_output,
'so_version': INIT.PILLAR.global.soversion, 'so_version': INIT.PILLAR.global.soversion,
'so_docker_gateway': DOCKERMERGED.gateway, 'so_docker_gateway': DOCKERMERGED.gateway,
'so_docker_range': DOCKERMERGED.range, 'so_docker_range': DOCKERMERGED.range,