CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-13 20:52:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix Zeek PIllar

Browse Source
This commit is contained in:
Mike Reeves
2022-09-15 13:11:03 -04:00
parent 73d45bd9fc
commit 7d6e847f86
3 changed files with 2 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/common/tools/sbin/so-minion
View File

@@ -165,6 +165,7 @@ function add_sensor_to_minion() {
echo " mtu: 9000" >> $PILLARFILE echo " mtu: 9000" >> $PILLARFILE
echo "zeek:" >> $PILLARFILE echo "zeek:" >> $PILLARFILE
echo " config:" >> $PILLARFILE echo " config:" >> $PILLARFILE
echo " node:" >> $PILLARFILE
echo " lb_procs: '$CORECOUNT'" >> $PILLARFILE echo " lb_procs: '$CORECOUNT'" >> $PILLARFILE
echo "suricata:" >> $PILLARFILE echo "suricata:" >> $PILLARFILE
echo " config:" >> $PILLARFILE echo " config:" >> $PILLARFILE

14
salt/suricata/afpacket.map.jinja
View File

@@ -1,14 +0,0 @@
{% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %}
{% set suricata_pillar = pillar.suricata %}
{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False)
{% load_yaml as afpacket %}
af-packet:
- interface: {{ surimerge.suricata.config.af-packet.interface }}
cluster-id: {{ surimerge.suricata.config.af-packet.cluster-id }}
cluster-type: {{ surimerge.suricata.config.af-packet.cluster-type }}
defrag: {{ surimerge.suricata.config.af-packet.defrag }}
use-mmap: {{ surimerge.suricata.config.af-packet.use-mmap }}
threads: {{ surimerge.suricata.config.af-packet.threads }}
tpacket-v3: {{ surimerge.suricata.config.af-packet.tpacket-v3 }}
ring-size: {{ surimerge.suricata.config.af-packet.ring-size }}
{% endload %}

32
salt/suricata/threading.map.jinja
View File

@@ -1,32 +0,0 @@
{% if salt['pillar.get']('sensor:suripins') %}
{% load_yaml as cpu_affinity%}
cpu-affinity:
- management-cpu-set:
cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ] # include only these cpus in affinity settings
- receive-cpu-set:
cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ] # include only these cpus in affinity settings
- worker-cpu-set:
cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]
mode: "exclusive"
threads: {{ salt['pillar.get']('sensor:suripins')|length }}
prio:
default: "high"
{% endload %}
{% elif salt['pillar.get']('sensor:suriprocs') %}
{% load_yaml as cpu_affinity%}
cpu-affinity:
- management-cpu-set:
cpu: [ all ] # include only these CPUs in affinity settings
- receive-cpu-set:
cpu: [ all ] # include only these CPUs in affinity settings
- worker-cpu-set:
cpu: [ "all" ]
mode: "exclusive"
threads: {{ salt['pillar.get']('sensor:suriprocs') }}
prio:
low: [ 0 ]
medium: [ "1-2" ]
high: [ 3 ]
default: "high"
{% endload %}
{% endif %}