CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

remove filebeat

Browse Source
This commit is contained in:
m0duspwnens
2023-02-22 10:42:45 -05:00
parent b8966aa33a
commit 6dd09fb2c5
17 changed files with 10 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/allowed_states.map.jinja
View File

@@ -8,7 +8,6 @@
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %} {% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %} {% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %} {% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
{% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %}
{% set KIBANA = salt['pillar.get']('kibana:enabled', True) %} {% set KIBANA = salt['pillar.get']('kibana:enabled', True) %}
{% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %} {% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %}
{% set CURATOR = salt['pillar.get']('curator:enabled', True) %} {% set CURATOR = salt['pillar.get']('curator:enabled', True) %}
@@ -188,7 +187,6 @@
'pcap', 'pcap',
'suricata', 'suricata',
'healthcheck', 'healthcheck',
'filebeat',
'schedule', 'schedule',
'tcpreplay', 'tcpreplay',
'docker_clean' 'docker_clean'
@@ -204,10 +202,6 @@
], ],
}, grain='role') %} }, grain='role') %}
{% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-import', 'so-receiver'] %}
{% do allowed_states.append('filebeat') %}
{% endif %}
{% if (PLAYBOOK != 0) and grains.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone'] %} {% if (PLAYBOOK != 0) and grains.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone'] %}
{% do allowed_states.append('mysql') %} {% do allowed_states.append('mysql') %}
{% endif %} {% endif %}

2
salt/common/tools/sbin/so-elastic-auth-password-reset
View File

@@ -95,8 +95,6 @@ function soUserSync() {
$(dirname $0)/so-user sync $(dirname $0)/so-user sync
printf "\nApplying logstash state to the appropriate nodes.\n\n" printf "\nApplying logstash state to the appropriate nodes.\n\n"
salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-searchnode or G@role:so-heavynode' state.apply logstash queue=True salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-searchnode or G@role:so-heavynode' state.apply logstash queue=True
printf "\nApplying filebeat state to the appropriate nodes.\n\n"
salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-searchnode or G@role:so-heavynode or G@role:so-sensor or G@role:so-fleet' state.apply filebeat queue=True
printf "\nApplying kibana state to the appropriate nodes.\n\n" printf "\nApplying kibana state to the appropriate nodes.\n\n"
salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch' state.apply kibana queue=True salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch' state.apply kibana queue=True
printf "\nApplying curator state to the appropriate nodes.\n\n" printf "\nApplying curator state to the appropriate nodes.\n\n"

17
salt/common/tools/sbin/so-elastic-clear
View File

@@ -54,17 +54,10 @@ if [ $SKIP -ne 1 ]; then
if [ "$INPUT" != "AGREE" ] ; then exit 0; fi if [ "$INPUT" != "AGREE" ] ; then exit 0; fi
fi fi
# Check to see if Logstash/Filebeat are running # Check to see if Logstash are running
LS_ENABLED=$(so-status | grep logstash) LS_ENABLED=$(so-status | grep logstash)
FB_ENABLED=$(so-status | grep filebeat)
EA_ENABLED=$(so-status | grep elastalert) EA_ENABLED=$(so-status | grep elastalert)
if [ ! -z "$FB_ENABLED" ]; then
/usr/sbin/so-filebeat-stop
fi
if [ ! -z "$LS_ENABLED" ]; then if [ ! -z "$LS_ENABLED" ]; then
/usr/sbin/so-logstash-stop /usr/sbin/so-logstash-stop
@@ -86,13 +79,7 @@ do
curl -K /opt/so/conf/elasticsearch/curl.config-XDELETE -k -L https://"{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1 curl -K /opt/so/conf/elasticsearch/curl.config-XDELETE -k -L https://"{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1
done done
#Start Logstash/Filebeat #Start Logstash
if [ ! -z "$FB_ENABLED" ]; then
/usr/sbin/so-filebeat-start
fi
if [ ! -z "$LS_ENABLED" ]; then if [ ! -z "$LS_ENABLED" ]; then
/usr/sbin/so-logstash-start /usr/sbin/so-logstash-start

4
salt/common/tools/sbin/so-elastic-restart
View File

@@ -22,10 +22,6 @@
/usr/sbin/so-restart logstash $1 /usr/sbin/so-restart logstash $1
{%- endif %} {%- endif %}
{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-sensor']%}
/usr/sbin/so-restart filebeat $1
{%- endif %}
{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} {%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
/usr/sbin/so-restart curator $1 /usr/sbin/so-restart curator $1
{%- endif %} {%- endif %}

4
salt/common/tools/sbin/so-elastic-start
View File

@@ -22,10 +22,6 @@
/usr/sbin/so-start logstash $1 /usr/sbin/so-start logstash $1
{%- endif %} {%- endif %}
{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-sensor']%}
/usr/sbin/so-start filebeat $1
{%- endif %}
{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} {%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
/usr/sbin/so-start curator $1 /usr/sbin/so-start curator $1
{%- endif %} {%- endif %}

4
salt/common/tools/sbin/so-elastic-stop
View File

@@ -22,10 +22,6 @@
/usr/sbin/so-stop logstash $1 /usr/sbin/so-stop logstash $1
{%- endif %} {%- endif %}
{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-sensor']%}
/usr/sbin/so-stop filebeat $1
{%- endif %}
{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} {%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
/usr/sbin/so-stop curator $1 /usr/sbin/so-stop curator $1
{%- endif %} {%- endif %}

4
salt/common/tools/sbin/so-restart
View File

@@ -7,7 +7,7 @@
# Usage: so-restart filebeat | kibana | playbook # Usage: so-restart kibana | playbook
. /usr/sbin/so-common . /usr/sbin/so-common
@@ -27,5 +27,5 @@ if [ $# -ge 1 ]; then
*) docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;; *) docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;;
esac esac
else else
echo -e "\nPlease provide an argument by running like so-restart $component, or by using the component-specific script.\nEx. so-restart filebeat, or so-filebeat-restart\n" echo -e "\nPlease provide an argument by running like so-restart $component, or by using the component-specific script.\nEx. so-restart logstash, or so-logstash-restart\n"
fi fi

4
salt/common/tools/sbin/so-start
View File

@@ -7,7 +7,7 @@
# Usage: so-start all | filebeat | kibana | playbook # Usage: so-start all | kibana | playbook
. /usr/sbin/so-common . /usr/sbin/so-common
@@ -27,5 +27,5 @@ if [ $# -ge 1 ]; then
*) if docker ps | grep -E -q '^so-$1$'; then printf "\n$1 is already running\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi ;; *) if docker ps | grep -E -q '^so-$1$'; then printf "\n$1 is already running\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi ;;
esac esac
else else
echo -e "\nPlease provide an argument by running like so-start $component, or by using the component-specific script.\nEx. so-start filebeat, or so-filebeat-start\n" echo -e "\nPlease provide an argument by running like so-start $component, or by using the component-specific script.\nEx. so-start logstash, or so-logstash-start\n"
fi fi

4
salt/common/tools/sbin/so-stop
View File

@@ -7,7 +7,7 @@
# Usage: so-stop filebeat | kibana | playbook | thehive # Usage: so-stop kibana | playbook | thehive
. /usr/sbin/so-common . /usr/sbin/so-common
@@ -20,6 +20,6 @@ if [ $# -ge 1 ]; then
*) docker stop so-$1 ; docker rm so-$1 ;; *) docker stop so-$1 ; docker rm so-$1 ;;
esac esac
else else
echo -e "\nPlease provide an argument by running like so-stop $component, or by using the component-specific script.\nEx. so-stop filebeat, or so-filebeat-stop\n" echo -e "\nPlease provide an argument by running like so-stop $component, or by using the component-specific script.\nEx. so-stop logstash, or so-logstash-stop\n"
fi fi

5
salt/curator/files/bin/so-curator-close
View File

@@ -13,8 +13,6 @@ read lastPID < $lf
[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit [ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
echo $$ > $lf echo $$ > $lf
{% from 'filebeat/modules.map.jinja' import MODULESMERGED with context %}
/usr/sbin/so-curator-closed-delete > /dev/null 2>&1; /usr/sbin/so-curator-closed-delete > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1;
@@ -27,6 +25,3 @@ docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/cur
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1;
{% for INDEX in MODULESMERGED.modules.keys() -%}
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-close.yml > /dev/null 2>&1{% if not loop.last %};{% endif %}
{% endfor -%}

5
salt/curator/files/bin/so-curator-cluster-close
View File

@@ -13,8 +13,6 @@ read lastPID < $lf
[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit [ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
echo $$ > $lf echo $$ > $lf
{% from 'filebeat/modules.map.jinja' import MODULESMERGED with context %}
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-close.yml > /dev/null 2>&1;
@@ -25,6 +23,3 @@ docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/cur
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1;
{% for INDEX in MODULESMERGED.modules.keys() -%}
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-close.yml > /dev/null 2>&1{% if not loop.last %};{% endif %}
{% endfor -%}

5
salt/curator/files/bin/so-curator-cluster-delete
View File

@@ -13,8 +13,6 @@ read lastPID < $lf
[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit [ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
echo $$ > $lf echo $$ > $lf
{% from 'filebeat/modules.map.jinja' import MODULESMERGED with context %}
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-delete.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-delete.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-delete.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-delete.yml > /dev/null 2>&1;
@@ -25,6 +23,3 @@ docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/cur
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-delete.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-delete.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-delete.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-delete.yml > /dev/null 2>&1;
{% for INDEX in MODULESMERGED.modules.keys() -%}
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-delete.yml > /dev/null 2>&1{% if not loop.last %};{% endif %}
{% endfor -%}

5
salt/curator/files/bin/so-curator-cluster-warm
View File

@@ -14,8 +14,6 @@ read lastPID < $lf
[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit [ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
echo $$ > $lf echo $$ > $lf
{% from 'filebeat/modules.map.jinja' import MODULESMERGED with context %}
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-warm.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-warm.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-warm.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-warm.yml > /dev/null 2>&1;
@@ -26,6 +24,3 @@ docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/cur
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-warm.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-warm.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-warm.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-warm.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-warm.yml > /dev/null 2>&1;
{% for INDEX in MODULESMERGED.modules.keys() -%}
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-{{ INDEX }}-warm.yml > /dev/null 2>&1{% if not loop.last %};{% endif %}
{% endfor -%}

6
salt/docker/defaults.yaml
View File

@@ -17,12 +17,6 @@ docker:
port_bindings: port_bindings:
- 0.0.0.0:9200:9200/tcp - 0.0.0.0:9200:9200/tcp
- 0.0.0.0:9300:9300/tcp - 0.0.0.0:9300:9300/tcp
'so-filebeat':
final_octet: 23
port_bindings:
- 0.0.0.0:514:514/udp
- 0.0.0.0:514:514/tcp
- 0.0.0.0:5066:5066/tcp
'so-idstools': 'so-idstools':
final_octet: 25 final_octet: 25
'so-influxdb': 'so-influxdb':

5
salt/firewall/containers.map.jinja
View File

@@ -32,7 +32,6 @@
'so-elasticsearch', 'so-elasticsearch',
'so-elastic-fleet', 'so-elastic-fleet',
'so-elastic-fleet-package-registry', 'so-elastic-fleet-package-registry',
'so-filebeat',
'so-influxdb', 'so-influxdb',
'so-kibana', 'so-kibana',
'so-kratos', 'so-kratos',
@@ -54,7 +53,6 @@
{% if GLOBALS.role == 'so-searchnode' %} {% if GLOBALS.role == 'so-searchnode' %}
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-elasticsearch', 'so-elasticsearch',
'so-filebeat',
'so-logstash', 'so-logstash',
'so-nginx' 'so-nginx'
] %} ] %}
@@ -64,7 +62,6 @@
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-curator', 'so-curator',
'so-elasticsearch', 'so-elasticsearch',
'so-filebeat',
'so-logstash', 'so-logstash',
'so-nginx', 'so-nginx',
'so-redis', 'so-redis',
@@ -83,7 +80,6 @@
'so-elasticsearch', 'so-elasticsearch',
'so-elastic-fleet', 'so-elastic-fleet',
'so-elastic-fleet-package-registry', 'so-elastic-fleet-package-registry',
'so-filebeat',
'so-influxdb', 'so-influxdb',
'so-kibana', 'so-kibana',
'so-kratos', 'so-kratos',
@@ -94,7 +90,6 @@
{% if GLOBALS.role == 'so-receiver' %} {% if GLOBALS.role == 'so-receiver' %}
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-filebeat',
'so-logstash', 'so-logstash',
'so-redis', 'so-redis',
] %} ] %}

2
setup/so-functions
View File

@@ -1544,7 +1544,7 @@ make_some_dirs() {
mkdir -p $local_salt_dir/salt/firewall/portgroups mkdir -p $local_salt_dir/salt/firewall/portgroups
mkdir -p $local_salt_dir/salt/firewall/ports mkdir -p $local_salt_dir/salt/firewall/ports
for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni curator soc soctopus docker zeek suricata nginx telegraf filebeat logstash soc manager kratos idstools idh elastalert;do for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni curator soc soctopus docker zeek suricata nginx telegraf logstash soc manager kratos idstools idh elastalert;do
mkdir -p $local_salt_dir/pillar/$THEDIR mkdir -p $local_salt_dir/pillar/$THEDIR
touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls
touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls

8
setup/so-variables
View File

@@ -136,12 +136,6 @@ export suricata_pillar_file
adv_suricata_pillar_file="$local_salt_dir/pillar/suricata/adv_suricata.sls" adv_suricata_pillar_file="$local_salt_dir/pillar/suricata/adv_suricata.sls"
export adv_suricata_pillar_file export adv_suricata_pillar_file
filebeat_pillar_file="$local_salt_dir/pillar/filebeat/soc_filebeat.sls"
export filebeat_pillar_file
adv_filebeat_pillar_file="$local_salt_dir/pillar/filebeat/adv_filebeat.sls"
export adv_filebeat_pillar_file
logstash_pillar_file="$local_salt_dir/pillar/logstash/soc_logstash.sls" logstash_pillar_file="$local_salt_dir/pillar/logstash/soc_logstash.sls"
export logstash_pillar_file export logstash_pillar_file
@@ -200,4 +194,4 @@ influxdb_pillar_file="$local_salt_dir/pillar/influxdb/soc_influxdb.sls"
export influxdb_pillar_file export influxdb_pillar_file
adv_influxdb_pillar_file="$local_salt_dir/pillar/influxdb/adv_influxdb.sls" adv_influxdb_pillar_file="$local_salt_dir/pillar/influxdb/adv_influxdb.sls"
export adv_influxdb_pillar_file export adv_influxdb_pillar_file