Merge remote-tracking branch 'remotes/origin/dev' into salt3003.1

salt/common/init.sls

@@ -49,6 +49,11 @@ sosaltstackperms:
     - gid: 939
     - dir_mode: 770
 
+so_log_perms:
+  file.directory:
+    - name: /opt/so/log
+    - dir_mode: 755
+
 # Create a state directory
 statedir:
   file.directory:
@@ -227,9 +232,14 @@ sostatusdir:
     - user: 0
     - group: 0
     - makedirs: True
+
+sostatus_log:
+  file.managed:
+    - name: /opt/so/log/sostatus/status.log
+    - mode: 644
     
 # Install sostatus check cron
-/usr/sbin/so-status -q && echo $? > /opt/so/log/sostatus/status.log 2>&1:
+'/usr/sbin/so-status -q; echo $? > /opt/so/log/sostatus/status.log 2>&1':
   cron.present:
     - user: root
     - minute: '*/5'

salt/elasticsearch/files/ingest/win.eventlogs

@@ -4,8 +4,8 @@
     { "set":           { "if": "ctx.winlog?.channel != null",   "field": "event.module", "value": "windows_eventlog", "override": false, "ignore_failure": true }  },
     { "set":           { "if": "ctx.winlog?.channel != null",   "field": "event.dataset", "value": "{{winlog.channel}}", "override": true }  },
     { "set":           { "if": "ctx.winlog?.computer_name != null",   "field": "observer.name", "value": "{{winlog.computer_name}}", "override": true }  },
-    { "rename":         { "if": "ctx.winlog?.systemTime != null", "field": "@timestamp",      "target_field": "ingest.timestamp",     "ignore_missing": true } },
-    { "set":           { "if": "ctx.winlog?.systemTime != null",   "field": "@timestamp", "value": "{{winlog.systemTime}}", "override": true }  },
+    { "rename":       { "if": "ctx.winlog?.systemTime != null", "field": "@timestamp",      "target_field": "ingest.timestamp",     "ignore_missing": true } },
+    { "date":         { "if": "ctx.winlog?.systemTime != null", "field": "winlog.systemTime",      "formats": ["yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSS'Z'"] } },    
     { "set":           { "field": "event.code", "value": "{{winlog.event_id}}", "override": true }  },  
     { "set":           { "field": "event.category", "value": "host", "override": true }  },   
     { "rename": 	   { "field": "winlog.event_data.SubjectUserName", 			  "target_field": "user.name",		"ignore_failure": true,   "ignore_missing": true 	} },

salt/influxdb/etc/influxdb.conf

@@ -233,7 +233,7 @@
   # enabled = true
 
   # Determines whether the Flux query endpoint is enabled.
-  # flux-enabled = false
+  flux-enabled = true
 
   # The bind address used by the HTTP service.
   # bind-address = ":8086"

salt/sensoroni/files/sensoroni.json

@@ -1,9 +1,6 @@
 {%- set URLBASE = salt['pillar.get']('global:url_base') %}
-{%- if salt['pillar.get']('sensoroni:node_description') %}
-{%-   set DESCRIPTION = salt['pillar.get']('sensoroni:node_description') %}
-{%- else %}
-{%-   set DESCRIPTION = salt['grains.get']('sosmodel', '') %}
-{%- endif %}
+{%- set DESCRIPTION = salt['pillar.get']('sensoroni:node_description', '') %}
+{%- set MODEL = salt['grains.get']('sosmodel', '') %}
 {%- set ADDRESS = salt['pillar.get']('sensoroni:node_address') %}
 {%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %}
 {%- set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) %}
@@ -21,6 +18,7 @@
     "role": "{{ grains.role }}",
     "description": "{{ DESCRIPTION }}",
     "address": "{{ ADDRESS }}",
+    "model": "{{ MODEL }}",
     "pollIntervalMs": {{ CHECKININTERVALMS if CHECKININTERVALMS else 10000 }},
     "serverUrl": "https://{{ URLBASE }}/sensoroniagents",
     "verifyCert": false,

salt/soc/files/soc/soc.json

@@ -53,6 +53,17 @@
         "cacheMs": {{ ES_FIELDCAPS_CACHE }},
         "verifyCert": false
       },
+      "influxdb": {
+{%- if grains['role'] in ['so-import'] %}
+        "hostUrl": "",
+{%- else %}
+        "hostUrl": "https://{{ MANAGERIP }}:8086",
+{%- endif %}
+        "token": "",
+        "org": "",
+        "bucket": "telegraf",
+        "verifyCert": false
+      },
       "sostatus": {
         "refreshIntervalMs": 30000,
         "offlineThresholdMs": 900000