pillarize zeek node.cfg. change reference from bro to zeek.

salt/deprecated-bro/files/node.cfg

@@ -1,13 +1,13 @@
 {%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
 
-{%- if salt['pillar.get']('sensor:bro_pins') or salt['pillar.get']('sensor:bro_lbprocs') %}
-{%- if salt['pillar.get']('sensor:bro_proxies') %}
-  {%- set proxies =  salt['pillar.get']('sensor:bro_proxies', '1') %}
+{%- if salt['pillar.get']('sensor:zeek_pins') or salt['pillar.get']('sensor:zeek_lbprocs') %}
+{%- if salt['pillar.get']('sensor:zeek_proxies') %}
+  {%- set proxies =  salt['pillar.get']('sensor:zeek_proxies', '1') %}
 {%- else %}
-  {%- if salt['pillar.get']('sensor:bro_pins') %}
-    {%- set proxies = (salt['pillar.get']('sensor:bro_pins')|length/10)|round(0, 'ceil')|int %}
+  {%- if salt['pillar.get']('sensor:zeek_pins') %}
+    {%- set proxies = (salt['pillar.get']('sensor:zeek_pins')|length/10)|round(0, 'ceil')|int %}
   {%- else %}
-    {%- set proxies = (salt['pillar.get']('sensor:bro_lbprocs')/10)|round(0, 'ceil')|int %}
+    {%- set proxies = (salt['pillar.get']('sensor:zeek_lbprocs')/10)|round(0, 'ceil')|int %}
   {%- endif %}
 {%- endif %}
 [manager]
@@ -28,13 +28,13 @@ host=localhost
 interface=af_packet::{{ interface }}
 lb_method=custom
 
-{%- if salt['pillar.get']('sensor:bro_lbprocs') %}
-lb_procs={{ salt['pillar.get']('sensor:bro_lbprocs', '1') }}
+{%- if salt['pillar.get']('sensor:zeek_lbprocs') %}
+lb_procs={{ salt['pillar.get']('sensor:zeek_lbprocs', '1') }}
 {%- else %}
-lb_procs={{ salt['pillar.get']('sensor:bro_pins')|length }}
+lb_procs={{ salt['pillar.get']('sensor:zeek_pins')|length }}
 {%- endif %}
-{%- if salt['pillar.get']('sensor:bro_pins') %}
-pin_cpus={{ salt['pillar.get']('sensor:bro_pins')|join(", ") }}
+{%- if salt['pillar.get']('sensor:zeek_pins') %}
+pin_cpus={{ salt['pillar.get']('sensor:zeek_pins')|join(", ") }}
 {%- endif %}
 af_packet_fanout_id=23
 af_packet_fanout_mode=AF_Packet::FANOUT_HASH

salt/zeek/files/node.cfg

@@ -1,15 +1,17 @@
 {%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
 
-{%- if salt['pillar.get']('sensor:bro_pins') or salt['pillar.get']('sensor:bro_lbprocs') %}
-{%- if salt['pillar.get']('sensor:bro_proxies') %}
-  {%- set proxies =  salt['pillar.get']('sensor:bro_proxies', '1') %}
+{%- if salt['pillar.get']('sensor:zeek_pins') or salt['pillar.get']('sensor:zeek_lbprocs') %}
+
+{%- if salt['pillar.get']('sensor:zeek_proxies') %}
+  {%- set proxies =  salt['pillar.get']('sensor:zeek_proxies', '1') %}
 {%- else %}
-  {%- if salt['pillar.get']('sensor:bro_pins') %}
-    {%- set proxies = (salt['pillar.get']('sensor:bro_pins')|length/10)|round(0, 'ceil')|int %}
+  {%- if salt['pillar.get']('sensor:zeek_pins') %}
+    {%- set proxies = (salt['pillar.get']('sensor:zeek_pins')|length/10)|round(0, 'ceil')|int %}
   {%- else %}
-    {%- set proxies = (salt['pillar.get']('sensor:bro_lbprocs')/10)|round(0, 'ceil')|int %}
+    {%- set proxies = (salt['pillar.get']('sensor:zeek_lbprocs')/10)|round(0, 'ceil')|int %}
   {%- endif %}
 {%- endif %}
+
 [manager]
 type=manager
 host=localhost
@@ -28,17 +30,21 @@ host=localhost
 interface=af_packet::{{ interface }}
 lb_method=custom
 
-{%- if salt['pillar.get']('sensor:bro_lbprocs') %}
-lb_procs={{ salt['pillar.get']('sensor:bro_lbprocs', '1') }}
+{%- if salt['pillar.get']('sensor:zeek_lbprocs') %}
+lb_procs={{ salt['pillar.get']('sensor:zeek_lbprocs', '1') }}
 {%- else %}
-lb_procs={{ salt['pillar.get']('sensor:bro_pins')|length }}
+lb_procs={{ salt['pillar.get']('sensor:zeek_pins')|length }}
 {%- endif %}
-{%- if salt['pillar.get']('sensor:bro_pins') %}
-pin_cpus={{ salt['pillar.get']('sensor:bro_pins')|join(", ") }}
+
+{%- if salt['pillar.get']('sensor:zeek_pins') %}
+pin_cpus={{ salt['pillar.get']('sensor:zeek_pins')|join(", ") }}
 {%- endif %}
+
 af_packet_fanout_id=23
 af_packet_fanout_mode=AF_Packet::FANOUT_HASH
-af_packet_buffer_size=128*1024*1024
+af_packet_buffer_size={{salt['pillar.get']('sensor:zeek_buffer', 128*1024*1024) }}
+
+
 {%- else %}
 [brosa]
 type=standalone

setup/so-functions

@@ -1322,7 +1322,7 @@ sensor_pillar() {
 		"  mainint: $MNIC" >> "$pillar_file"
 	
 	if [ "$NSMSETUP" = 'ADVANCED' ]; then
-		echo "  bro_pins:" >> "$pillar_file"
+		echo "  zeek_pins:" >> "$pillar_file"
 		for PIN in "${BROPINS[@]}"; do
 			PIN=$(echo "$PIN" |  cut -d\" -f2)
 		echo "    - $PIN" >> "$pillar_file"
@@ -1333,10 +1333,10 @@ sensor_pillar() {
 		echo "    - $SPIN" >> "$pillar_file"
 		done
 	elif [ "$install_type" = 'HELIXSENSOR' ]; then
-		echo "  bro_lbprocs: $lb_procs" >> "$pillar_file"
+		echo "  zeek_lbprocs: $lb_procs" >> "$pillar_file"
 		echo "  suriprocs: $lb_procs" >> "$pillar_file"
 	else
-		echo "  bro_lbprocs: $BASICBRO" >> "$pillar_file"
+		echo "  zeek_lbprocs: $BASICBRO" >> "$pillar_file"
 		echo "  suriprocs: $BASICSURI" >> "$pillar_file"
 	fi
 	printf '%s\n'\

setup/so-setup

@@ -281,7 +281,7 @@ if [[ $is_sensor && ! $is_eval ]]; then
 	whiptail_homenet_sensor
 	whiptail_sensor_config
 	if [ $NSMSETUP == 'ADVANCED' ]; then
-		whiptail_bro_pins
+		whiptail_zeek_pins
 		whiptail_suricata_pins
 		whiptail_bond_nics_mtu
 	else

setup/so-whiptail

@@ -42,7 +42,7 @@ whiptail_basic_suri() {
 
 }
 
-whiptail_bro_pins() {
+whiptail_zeek_pins() {
 
 	[ -n "$TESTING" ] && return