From 5c933910aa6edefdb238cce76fd4c0e378deeb55 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 25 May 2023 17:25:54 -0400 Subject: [PATCH] simplify map for updating suricata config if md engine is suricata --- salt/suricata/map.jinja | 46 +++++++++++++++-------------------------- 1 file changed, 17 insertions(+), 29 deletions(-) diff --git a/salt/suricata/map.jinja b/salt/suricata/map.jinja index 6524221b7..5576117cc 100644 --- a/salt/suricata/map.jinja +++ b/salt/suricata/map.jinja @@ -43,6 +43,23 @@ {% do SURICATAMERGED.config.threading.pop('cpu-affinity') %} {% do SURICATAMERGED.config.threading.update({'cpu-affinity': cpuaffinity}) %} +{# Find the index of eve-log and file-store in suricata_mdengine.suricata.config.outputs #} +{# update outputs eve-log.types and filestore with config for Suricata metadata engine #} +{% if GLOBALS.md_engine == 'SURICATA' %} +{% for li in suricata_mdengine.suricata.config.outputs %} +{% if 'eve-log' in li.keys() %} +{% do surimeta_evelog_index.append(loop.index0) %} +{% endif %} +{% if 'file-store' in li.keys() %} +{% do surimeta_filestore_index.append(loop.index0) %} +{% endif %} +{% endfor %} +{% set surimeta_evelog_index = surimeta_evelog_index[0] %} +{% set surimeta_filestore_index = surimeta_filestore_index[0] %} +{% do SURICATAMERGED.config.outputs['eve-log'].types.extend(suricata_mdengine.suricata.config.outputs[surimeta_evelog_index]['eve-log'].types) %} +{% do SURICATAMERGED.config.outputs['file-store'].update({'enabled':suricata_mdengine.suricata.config.outputs[surimeta_filestore_index]['file-store']['enabled']}) %} +{% endif %} + {# outputs is a list but we convert to dict in defaults to work with ui #} {# below they are converted back to lists #} {% load_yaml as outputs %} @@ -53,35 +70,6 @@ {% do SURICATAMERGED.config.pop('outputs') %} {% do SURICATAMERGED.config.update({'outputs': outputs}) %} -{# Find the index of eve-log so it can be updated later #} -{% for li in SURICATAMERGED.config.outputs %} - {% if 'eve-log' in li.keys() %} - {% do default_evelog_index.append(loop.index0) %} - {% endif %} - {% if 'file-store' in li.keys() %} - {% do default_filestore_index.append(loop.index0) %} - {% endif %} -{% endfor %} -{% set default_evelog_index = default_evelog_index[0] %} -{% set default_filestore_index = default_filestore_index[0] %} - -{# Find the index of eve-log so it can be grabbed later #} -{% for li in suricata_mdengine.suricata.config.outputs %} - {% if 'eve-log' in li.keys() %} - {% do surimeta_evelog_index.append(loop.index0) %} - {% endif %} - {% if 'file-store' in li.keys() %} - {% do surimeta_filestore_index.append(loop.index0) %} - {% endif %} -{% endfor %} -{% set surimeta_evelog_index = surimeta_evelog_index[0] %} -{% set surimeta_filestore_index = surimeta_filestore_index[0] %} - -{% if GLOBALS.md_engine == 'SURICATA' %} - {% do SURICATAMERGED.config.outputs[default_evelog_index]['eve-log'].types.extend(suricata_mdengine.suricata.config.outputs[surimeta_evelog_index]['eve-log'].types) %} - {% do SURICATAMERGED.config.outputs[default_filestore_index]['file-store'].update({'enabled':suricata_mdengine.suricata.config.outputs[surimeta_filestore_index]['file-store']['enabled']}) %} -{% endif %} - {# change address-groups vars from list to comma seperated string #} {% for k, v in SURICATAMERGED.config.vars['address-groups'].items() %} {# if address-group value is a list #}