Merge pull request #12271 from Security-Onion-Solutions/suripcap

Suricata PCAP
2026-02-09 08:43:36 +01:00 · 2024-03-04 17:27:38 -05:00
parent 9fd1653914 fe238755e9
commit 58d222284e
16 changed files with 184 additions and 5 deletions
--- a/salt/telegraf/scripts/oldpcap.sh
+++ b/salt/telegraf/scripts/oldpcap.sh
@@ -5,13 +5,17 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-
+{%- if GLOBALS.pcap_engine == "SURICATA" %}
+PCAPLOC=/host/nsm/suripcap
+{%- else %}
+PCAPLOC=/host/nsm/pcap
+{%- endif %}

 # if this script isn't already running
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then

    # Get the data
-    OLDPCAP=$(find /host/nsm/pcap -type f -exec stat -c'%n %Z' {} + | sort | grep -v "\." | head -n 1 | awk {'print $2'})
+    OLDPCAP=$(find $PCAPLOC -type f -exec stat -c'%n %Z' {} + | sort | grep -v "/\." | head -n 1 | awk {'print $2'})
    DATE=$(date +%s)
    AGE=$(($DATE - $OLDPCAP))