Merge pull request #11256 from Security-Onion-Solutions/jertel/sod

only ingest pfsense on sensor nodes
2025-12-06 09:12:45 +01:00 · 2023-09-05 12:50:47 -04:00
parent 651393988a b66be9c226
commit 5c0045f9f8
1 changed files with 5 additions and 1 deletions
--- a/salt/common/tools/sbin/so-test
+++ b/salt/common/tools/sbin/so-test
@@ -5,10 +5,14 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

+. /usr/sbin/so-common
+
 set -e

 # Playback live sample data onto monitor interface
 so-tcpreplay /opt/samples/* 2> /dev/null

 # Ingest sample pfsense log entry
+if is_sensor_node; then
    echo "<134>$(date '+%b %d %H:%M:%S') filterlog[31624]: 84,,,1567509287,igb0.244,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,64,192.168.1.1,10.10.10.10,56320,443,0,S,3333585167,,65535,,mss;nop;wscale;nop;nop;TS;sackOK;eol" | nc -uv -w1 127.0.0.1 514 > /dev/null 2>&1
+fi