CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #912 from Security-Onion-Solutions/issue/642

Browse Source 
Issue/642
This commit is contained in:
Josh Patterson
2020-07-01 13:44:49 -04:00
committed by GitHub
parent 7bb97f2b2d f98c497d79
commit 549fd93cba
3 changed files with 31 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
salt/deprecated-bro/files/node.cfg
View File

@@ -1,13 +1,13 @@
{%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
{%- if salt['pillar.get']('sensor:bro_pins') or salt['pillar.get']('sensor:bro_lbprocs') %} {%- if salt['pillar.get']('sensor:zeek_pins') or salt['pillar.get']('sensor:zeek_lbprocs') %}
{%- if salt['pillar.get']('sensor:bro_proxies') %} {%- if salt['pillar.get']('sensor:zeek_proxies') %}
{%- set proxies = salt['pillar.get']('sensor:bro_proxies', '1') %} {%- set proxies = salt['pillar.get']('sensor:zeek_proxies', '1') %}
{%- else %} {%- else %}
{%- if salt['pillar.get']('sensor:bro_pins') %} {%- if salt['pillar.get']('sensor:zeek_pins') %}
{%- set proxies = (salt['pillar.get']('sensor:bro_pins')|length/10)|round(0, 'ceil')|int %} {%- set proxies = (salt['pillar.get']('sensor:zeek_pins')|length/10)|round(0, 'ceil')|int %}
{%- else %} {%- else %}
{%- set proxies = (salt['pillar.get']('sensor:bro_lbprocs')/10)|round(0, 'ceil')|int %} {%- set proxies = (salt['pillar.get']('sensor:zeek_lbprocs')/10)|round(0, 'ceil')|int %}
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
[manager] [manager]
@@ -28,13 +28,13 @@ host=localhost
interface=af_packet::{{ interface }} interface=af_packet::{{ interface }}
lb_method=custom lb_method=custom
{%- if salt['pillar.get']('sensor:bro_lbprocs') %} {%- if salt['pillar.get']('sensor:zeek_lbprocs') %}
lb_procs={{ salt['pillar.get']('sensor:bro_lbprocs', '1') }} lb_procs={{ salt['pillar.get']('sensor:zeek_lbprocs', '1') }}
{%- else %} {%- else %}
lb_procs={{ salt['pillar.get']('sensor:bro_pins')|length }} lb_procs={{ salt['pillar.get']('sensor:zeek_pins')|length }}
{%- endif %} {%- endif %}
{%- if salt['pillar.get']('sensor:bro_pins') %} {%- if salt['pillar.get']('sensor:zeek_pins') %}
pin_cpus={{ salt['pillar.get']('sensor:bro_pins')|join(", ") }} pin_cpus={{ salt['pillar.get']('sensor:zeek_pins')|join(", ") }}
{%- endif %} {%- endif %}
af_packet_fanout_id=23 af_packet_fanout_id=23
af_packet_fanout_mode=AF_Packet::FANOUT_HASH af_packet_fanout_mode=AF_Packet::FANOUT_HASH

26
salt/zeek/files/node.cfg
View File

@@ -1,13 +1,12 @@
{%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
{%- if salt['pillar.get']('sensor:zeek_pins') or salt['pillar.get']('sensor:zeek_lbprocs') %}
{%- if salt['pillar.get']('sensor:bro_pins') or salt['pillar.get']('sensor:bro_lbprocs') %} {%- if salt['pillar.get']('sensor:zeek_proxies') %}
{%- if salt['pillar.get']('sensor:bro_proxies') %} {%- set proxies = salt['pillar.get']('sensor:zeek_proxies', '1') %}
{%- set proxies = salt['pillar.get']('sensor:bro_proxies', '1') %}
{%- else %} {%- else %}
{%- if salt['pillar.get']('sensor:bro_pins') %} {%- if salt['pillar.get']('sensor:zeek_pins') %}
{%- set proxies = (salt['pillar.get']('sensor:bro_pins')|length/10)|round(0, 'ceil')|int %} {%- set proxies = (salt['pillar.get']('sensor:zeek_pins')|length/10)|round(0, 'ceil')|int %}
{%- else %} {%- else %}
{%- set proxies = (salt['pillar.get']('sensor:bro_lbprocs')/10)|round(0, 'ceil')|int %} {%- set proxies = (salt['pillar.get']('sensor:zeek_lbprocs')/10)|round(0, 'ceil')|int %}
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
[manager] [manager]
@@ -27,18 +26,17 @@ type=worker
host=localhost host=localhost
interface=af_packet::{{ interface }} interface=af_packet::{{ interface }}
lb_method=custom lb_method=custom
{%- if salt['pillar.get']('sensor:zeek_lbprocs') %}
{%- if salt['pillar.get']('sensor:bro_lbprocs') %} lb_procs={{ salt['pillar.get']('sensor:zeek_lbprocs', '1') }}
lb_procs={{ salt['pillar.get']('sensor:bro_lbprocs', '1') }}
{%- else %} {%- else %}
lb_procs={{ salt['pillar.get']('sensor:bro_pins')|length }} lb_procs={{ salt['pillar.get']('sensor:zeek_pins')|length }}
{%- endif %} {%- endif %}
{%- if salt['pillar.get']('sensor:bro_pins') %} {%- if salt['pillar.get']('sensor:zeek_pins') %}
pin_cpus={{ salt['pillar.get']('sensor:bro_pins')|join(", ") }} pin_cpus={{ salt['pillar.get']('sensor:zeek_pins')|join(", ") }}
{%- endif %} {%- endif %}
af_packet_fanout_id=23 af_packet_fanout_id=23
af_packet_fanout_mode=AF_Packet::FANOUT_HASH af_packet_fanout_mode=AF_Packet::FANOUT_HASH
af_packet_buffer_size=128*1024*1024 af_packet_buffer_size={{ salt['pillar.get']('sensor:zeek_buffer', 128*1024*1024) }}
{%- else %} {%- else %}
[brosa] [brosa]
type=standalone type=standalone

6
setup/so-functions
View File

@@ -1322,7 +1322,7 @@ sensor_pillar() {
" mainint: $MNIC" >> "$pillar_file" " mainint: $MNIC" >> "$pillar_file"
if [ "$NSMSETUP" = 'ADVANCED' ]; then if [ "$NSMSETUP" = 'ADVANCED' ]; then
echo " bro_pins:" >> "$pillar_file" echo " zeek_pins:" >> "$pillar_file"
for PIN in "${BROPINS[@]}"; do for PIN in "${BROPINS[@]}"; do
PIN=$(echo "$PIN" | cut -d\" -f2) PIN=$(echo "$PIN" | cut -d\" -f2)
echo " - $PIN" >> "$pillar_file" echo " - $PIN" >> "$pillar_file"
@@ -1333,10 +1333,10 @@ sensor_pillar() {
echo " - $SPIN" >> "$pillar_file" echo " - $SPIN" >> "$pillar_file"
done done
elif [ "$install_type" = 'HELIXSENSOR' ]; then elif [ "$install_type" = 'HELIXSENSOR' ]; then
echo " bro_lbprocs: $lb_procs" >> "$pillar_file" echo " zeek_lbprocs: $lb_procs" >> "$pillar_file"
echo " suriprocs: $lb_procs" >> "$pillar_file" echo " suriprocs: $lb_procs" >> "$pillar_file"
else else
echo " bro_lbprocs: $BASICBRO" >> "$pillar_file" echo " zeek_lbprocs: $BASICBRO" >> "$pillar_file"
echo " suriprocs: $BASICSURI" >> "$pillar_file" echo " suriprocs: $BASICSURI" >> "$pillar_file"
fi fi
printf '%s\n'\ printf '%s\n'\