Fix Zeek PIllar

2025-12-12 20:22:59 +01:00 · 2022-09-15 13:11:03 -04:00
parent 73d45bd9fc
commit 7d6e847f86
3 changed files with 2 additions and 47 deletions
--- a/salt/common/tools/sbin/so-minion
+++ b/salt/common/tools/sbin/so-minion
@@ -165,7 +165,8 @@ function add_sensor_to_minion() {
 	echo "  mtu: 9000" >> $PILLARFILE
 	echo "zeek:" >> $PILLARFILE
 	echo "    config:" >> $PILLARFILE
-	echo "        lb_procs: '$CORECOUNT'" >> $PILLARFILE
+	echo "        node:" >> $PILLARFILE
+	echo "            lb_procs: '$CORECOUNT'" >> $PILLARFILE
 	echo "suricata:" >> $PILLARFILE
 	echo "    config:" >> $PILLARFILE
 	echo "        af-packet:" >> $PILLARFILE
--- a/salt/suricata/afpacket.map.jinja
+++ b/salt/suricata/afpacket.map.jinja
@@ -1,14 +0,0 @@
-{% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %}
-{% set suricata_pillar = pillar.suricata %}
-{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False)
-{% load_yaml as afpacket %}
-af-packet:
-  - interface: {{ surimerge.suricata.config.af-packet.interface }}
-    cluster-id: {{ surimerge.suricata.config.af-packet.cluster-id }}
-    cluster-type: {{ surimerge.suricata.config.af-packet.cluster-type }}
-    defrag: {{ surimerge.suricata.config.af-packet.defrag }}
-    use-mmap: {{ surimerge.suricata.config.af-packet.use-mmap }}
-    threads: {{ surimerge.suricata.config.af-packet.threads }}
-    tpacket-v3: {{ surimerge.suricata.config.af-packet.tpacket-v3 }}
-    ring-size: {{ surimerge.suricata.config.af-packet.ring-size }}
-{% endload %}
--- a/salt/suricata/threading.map.jinja
+++ b/salt/suricata/threading.map.jinja
@@ -1,32 +0,0 @@
-{% if salt['pillar.get']('sensor:suripins') %}
-  {% load_yaml as cpu_affinity%}
-cpu-affinity:
-  - management-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - receive-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - worker-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]
-      mode: "exclusive"
-      threads: {{ salt['pillar.get']('sensor:suripins')|length }}
-      prio:
-        default: "high"
-  {% endload %}
-{% elif salt['pillar.get']('sensor:suriprocs') %}
-  {% load_yaml as cpu_affinity%}
-cpu-affinity:
-  - management-cpu-set:
-      cpu: [ all ]  # include only these CPUs in affinity settings
-  - receive-cpu-set:
-      cpu: [ all ]  # include only these CPUs in affinity settings
-  - worker-cpu-set:
-      cpu: [ "all" ]
-      mode: "exclusive"
-      threads: {{ salt['pillar.get']('sensor:suriprocs') }}
-      prio:
-        low: [ 0 ]
-        medium: [ "1-2" ]
-        high: [ 3 ]
-        default: "high"
-  {% endload %}
-{% endif %}