mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-02-20 14:05:26 +01:00
Merge pull request #12271 from Security-Onion-Solutions/suripcap
Suricata PCAP
This commit is contained in:
@@ -79,6 +79,30 @@ function getinstallinfo() {
|
||||
source <(echo $INSTALLVARS)
|
||||
}
|
||||
|
||||
function pcapspace() {
|
||||
if [[ "$OPERATION" == "setup" ]]; then
|
||||
local SPACESIZE=$(df -k /nsm | tail -1 | awk '{print $2}' | tr -d \n)
|
||||
else
|
||||
|
||||
local NSMSIZE=$(salt '$MINION_ID' disk.usage --out=json | jq -r '.[]."/nsm"."1K-blocks" ')
|
||||
local ROOTSIZE=$(salt '$MINION_ID' disk.usage --out=json | jq -r '.[]."/"."1K-blocks" ')
|
||||
|
||||
if [[ "$NSMSIZE" == "null" ]]; then
|
||||
# Looks like there is no dedicated nsm partition. Using root
|
||||
local SPACESIZE=$ROOTSIZE
|
||||
else
|
||||
local SPACESIZE=$NSMSIZE
|
||||
fi
|
||||
fi
|
||||
|
||||
local s=$(( $SPACESIZE / 1000000 ))
|
||||
local s1=$(( $s / 2 ))
|
||||
local s2=$(( $s1 / $lb_procs ))
|
||||
|
||||
MAXPCAPFILES=$s2
|
||||
|
||||
}
|
||||
|
||||
function testMinion() {
|
||||
# Always run on the host, since this is going to be the manager of a distributed grid, or an eval/standalone.
|
||||
# Distributed managers must run this in order for the sensor nodes to have access to the so-tcpreplay image.
|
||||
@@ -247,11 +271,17 @@ function add_sensor_to_minion() {
|
||||
echo " config:" >> $PILLARFILE
|
||||
echo " af-packet:" >> $PILLARFILE
|
||||
echo " threads: '$CORECOUNT'" >> $PILLARFILE
|
||||
if [[ $is_pcaplimit ]]; then
|
||||
echo " output:" >> $PILLARFILE
|
||||
echo " pcap-log:" >> $PILLARFILE
|
||||
echo " max-files: '$MAXPCAPFILES'" >> $PILLARFILE
|
||||
fi
|
||||
echo "pcap:" >> $PILLARFILE
|
||||
echo " enabled: True" >> $PILLARFILE
|
||||
if [[ $is_pcaplimit ]]; then
|
||||
echo " config:" >> $PILLARFILE
|
||||
echo " diskfreepercentage: 60" >> $PILLARFILE
|
||||
pcapspace
|
||||
fi
|
||||
echo " " >> $PILLARFILE
|
||||
}
|
||||
@@ -422,6 +452,7 @@ function updateMine() {
|
||||
|
||||
function createEVAL() {
|
||||
is_pcaplimit=true
|
||||
pcapspace
|
||||
add_elasticsearch_to_minion
|
||||
add_sensor_to_minion
|
||||
add_strelka_to_minion
|
||||
@@ -442,6 +473,7 @@ function createEVAL() {
|
||||
|
||||
function createSTANDALONE() {
|
||||
is_pcaplimit=true
|
||||
pcapspace
|
||||
add_elasticsearch_to_minion
|
||||
add_logstash_to_minion
|
||||
add_sensor_to_minion
|
||||
@@ -531,6 +563,7 @@ function createIDH() {
|
||||
|
||||
function createHEAVYNODE() {
|
||||
is_pcaplimit=true
|
||||
pcapspace
|
||||
add_elasticsearch_to_minion
|
||||
add_elastic_agent_to_minion
|
||||
add_logstash_to_minion
|
||||
@@ -541,6 +574,8 @@ function createHEAVYNODE() {
|
||||
}
|
||||
|
||||
function createSENSOR() {
|
||||
is_pcaplimit=true
|
||||
pcapspace
|
||||
add_sensor_to_minion
|
||||
add_strelka_to_minion
|
||||
add_telegraf_to_minion
|
||||
|
||||
Reference in New Issue
Block a user