From f9e07709f2cef88c13f3773cebdd87bf68742d36 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Tue, 18 Feb 2020 16:36:20 -0500
Subject: [PATCH 1/5] bpf fix
---
 salt/pcap/init.sls | 2 +-
 salt/suricata/init.sls | 2 +-
 salt/zeek/init.sls | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index 11732ad29..17162fb16 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -41,7 +41,7 @@ stenoconfdir:
 - makedirs: True
 {% if BPF_STENO %}
- {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', INTERFACE + ' ' + BPF_STENO|join(" ") ) %}
+ {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', INTERFACE + ' ' + BPF_STENO|join(" "),cwd='/root') %}
 {% if BPF_CALC['stderr'] == "" %}
 {% set BPF_COMPILED = ",\\\"--filter=" + BPF_CALC['stdout'] + "\\\"" %}
 {% else %}
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index dcea927ae..da1220e63 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -84,7 +84,7 @@ surithresholding:
 # BPF compilation and configuration
 {% if BPF_NIDS %}
- {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', interface + ' ' + BPF_NIDS|join(" ") ) %}
+ {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', interface + ' ' + BPF_NIDS|join(" "),cwd='/root') %}
 {% if BPF_CALC['stderr'] == "" %}
 {% set BPF_STATUS = 1 %}
 {% else %}
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index e7124727e..db54bf62e 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -95,7 +95,7 @@ plcronscript:
 # BPF compilation and configuration
 {% if BPF_ZEEK %}
- {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', INTERFACE + ' ' + BPF_ZEEK|join(" ") ) %}
+ {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', INTERFACE + ' ' + BPF_ZEEK|join(" "),cwd='/root') %}
 {% if BPF_CALC['stderr'] == "" %}
 {% set BPF_STATUS = 1 %}
 {% else %}
From 30a1197b448c2646e818e3fbd0f8c965952d2c6b Mon Sep 17 00:00:00 2001
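Review bot: The new line still builds the compiler's argument string by plain concatenation (`INTERFACE + ' ' + BPF_STENO|join(" ")`) from values set outside this hunk and presumably taken from pillar, so whatever those values contain is handed unquoted to `cmd.script`; whether a shell ever sees it depends on `python_shell`, which is not set here, but at minimum quote or whitespace characters in a filter term change how the arguments are split before `so-bpf-compile` runs as root on every minion. A check that the joined filter looks like a plausible BPF expression, or an explicit `python_shell=False` beside the new `cwd='/root'`, would make the intent unambiguous; the suricata and zeek hunks below have the same shape and the `{% if BPF_STENO %}` block closes outside the hunk. Success is then judged only by `BPF_CALC['stderr'] == ""` while the script's exit status is ignored, so a compile that fails without writing to stderr still yields a `--filter=` argument from whatever was on stdout; `{% if BPF_CALC['retcode'] == 0 and BPF_CALC['stderr'] == "" %}` would close that gap. The commit message does not say why the working directory is now pinned; a one-line Jinja comment above the `set`, such as `{# cwd pinned to /root: TODO record why so-bpf-compile needs this #}`, would keep the reason with the code.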
From: weslambert
Date: Thu, 20 Feb 2020 11:20:06 -0500
Subject: [PATCH 2/5] Rename template to avoid duplication under different name
---
 salt/logstash/files/dynamic/9002_output_import.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/logstash/files/dynamic/9002_output_import.conf b/salt/logstash/files/dynamic/9002_output_import.conf
index 88fbc7551..1b691df6b 100644
--- a/salt/logstash/files/dynamic/9002_output_import.conf
+++ b/salt/logstash/files/dynamic/9002_output_import.conf
@@ -19,7 +19,7 @@ output {
 elasticsearch {
 hosts => "{{ ES }}"
 index => "logstash-import-%{+YYYY.MM.dd}"
- template_name => "logstash-*"
+ template_name => "logstash"
 template => "/logstash-template.json"
 template_overwrite => true
 }
From 6945cbb843560992c72a5a33d21b60645403c96c Mon Sep 17 00:00:00 2001
From: weslambert
Date: Thu, 20 Feb 2020 11:45:50 -0500
Subject: [PATCH 3/5] Change template name
---
 .../conf/pipelines/eval/templates/9002_output_import.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/logstash/conf/pipelines/eval/templates/9002_output_import.conf b/salt/logstash/conf/pipelines/eval/templates/9002_output_import.conf
index 88fbc7551..1b691df6b 100644
--- a/salt/logstash/conf/pipelines/eval/templates/9002_output_import.conf
+++ b/salt/logstash/conf/pipelines/eval/templates/9002_output_import.conf
@@ -19,7 +19,7 @@ output {
 elasticsearch {
 hosts => "{{ ES }}"
 index => "logstash-import-%{+YYYY.MM.dd}"
- template_name => "logstash-*"
+ template_name => "logstash"
 template => "/logstash-template.json"
 template_overwrite => true
 }
From fc9786e54194f5860e0e2a9e64e8119682445977 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Thu, 20 Feb 2020 11:46:15 -0500
Subject: [PATCH 4/5] Change template name
---
 .../conf/pipelines/search/templates/9002_output_import.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
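Review bot: Changing `template_name` to `logstash` only affects what Logstash installs from now on; with `template_overwrite => true` it will create or overwrite a template called `logstash`, but a deployment that already holds the old `logstash-*` template in Elasticsearch keeps both, and if their index patterns overlap (not visible here) the two templates compete on mapping priority, which is exactly the duplication the subject line says this avoids. A deploy-time step or release note that removes the stale `logstash-*` template is needed for existing installs; the same applies to the eval and search pipeline copies of this file in the next two patches. Three path-only copies of `9002_output_import.conf` needing three separate commits is itself a maintenance hazard worth a follow-up.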
diff --git a/salt/logstash/conf/pipelines/search/templates/9002_output_import.conf b/salt/logstash/conf/pipelines/search/templates/9002_output_import.conf
index 88fbc7551..1b691df6b 100644
--- a/salt/logstash/conf/pipelines/search/templates/9002_output_import.conf
+++ b/salt/logstash/conf/pipelines/search/templates/9002_output_import.conf
@@ -19,7 +19,7 @@ output {
 elasticsearch {
 hosts => "{{ ES }}"
 index => "logstash-import-%{+YYYY.MM.dd}"
- template_name => "logstash-*"
+ template_name => "logstash"
 template => "/logstash-template.json"
 template_overwrite => true
 }
From 5d81bf32046b298c27a6622b64b3205d888b79fc Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Tue, 25 Feb 2020 12:36:35 +0000
Subject: [PATCH 5/5] remove source
---
 salt/logstash/etc/beats-template.json | 4 ----
 salt/logstash/etc/logstash-ossec-template.json | 8 --------
 salt/logstash/etc/logstash-template.json | 8 --------
 3 files changed, 20 deletions(-)
diff --git a/salt/logstash/etc/beats-template.json b/salt/logstash/etc/beats-template.json
index 0e831aa52..433c0862e 100644
--- a/salt/logstash/etc/beats-template.json
+++ b/salt/logstash/etc/beats-template.json
@@ -989,10 +989,6 @@
 }
 }
 },
- "source": {
- "ignore_above": 1024,
- "type": "keyword"
- },
 "stream": {
 "ignore_above": 1024,
 "type": "keyword"
diff --git a/salt/logstash/etc/logstash-ossec-template.json b/salt/logstash/etc/logstash-ossec-template.json
index ab3a14a93..b44ae69a9 100644
--- a/salt/logstash/etc/logstash-ossec-template.json
+++ b/salt/logstash/etc/logstash-ossec-template.json
@@ -2825,14 +2825,6 @@
 }
 }
 },
- "source":{
- "type":"text",
- "fields":{
- "keyword":{
- "type":"keyword"
- }
- }
- },
 "source_geo.city_name":{
 "type":"text",
 "fields":{
diff --git a/salt/logstash/etc/logstash-template.json b/salt/logstash/etc/logstash-template.json
index 44e519842..f23c7b58a 100644
--- a/salt/logstash/etc/logstash-template.json
+++ b/salt/logstash/etc/logstash-template.json
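Review bot: Dropping the explicit `source` mapping leaves that field to the template's dynamic-mapping rules, which are outside this hunk, and the subject line `remove source` does not say why it goes; if the motivation is that a scalar `source` collides with object-valued `source.*` fields, the commit message should say so, because any producer that still emits a string `source` will then hit a mapping conflict and have its documents rejected, which for a log pipeline is a silent loss of events. A commit-message sentence naming the producer that needs the object form, plus confirmation that each template's `dynamic` setting tolerates the new shape, would make this reviewable. The same removal appears in `logstash-ossec-template.json` and `logstash-template.json` in the two following hunks.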
@@ -2946,14 +2946,6 @@
 }
 }
 },
- "source":{
- "type":"text",
- "fields":{
- "keyword":{
- "type":"keyword"
- }
- }
- },
 "source_geo.city_name":{
 "type":"text",
 "fields":{