ensure at least 2 eve files are kept https://github.com/Security-Onion-Solutions/securityonion/issues/2989

2026-01-06 08:13:32 +01:00 · 2021-02-18 09:51:40 -05:00
parent 4b07d5e457
commit 74ca4487de
1 changed files with 3 additions and 0 deletions
--- a/salt/suricata/cron/so-suricata-eve-clean
+++ b/salt/suricata/cron/so-suricata-eve-clean
@@ -25,6 +25,9 @@ read lastPID < $lf
 echo $$ > $lf

 MAXEVES={{ salt['pillar.get']('suricata:cleanup:eve_json', 20) }}
+if [ "$MAXEVES" -lt 2 ]; then
+  MAXEVES=2
+fi

 # Find eve files and remove them
 NUMEVES=$(find /nsm/suricata/ -type f -name "eve-*.json" | wc -l)