CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-29 16:07:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

pcapout still used for extracts

Browse Source
This commit is contained in:
Jason Ertel
2026-03-09 14:58:27 -04:00
parent e8adea3022
commit 7f07c96a2f
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/common/tools/sbin/so-sensor-clean
+1 -1
View File
@@ -72,7 +72,7 @@ clean() {
done done
fi fi
## Clean up extracted pcaps from Steno ## Clean up extracted pcaps
PCAPS='/nsm/pcapout' PCAPS='/nsm/pcapout'
OLDEST_PCAP=$(find $PCAPS -type f -printf '%T+ %p\n' | sort -n | head -n 1) OLDEST_PCAP=$(find $PCAPS -type f -printf '%T+ %p\n' | sort -n | head -n 1)
if [ -z "$OLDEST_PCAP" -o "$OLDEST_PCAP" == ".." -o "$OLDEST_PCAP" == "." ]; then if [ -z "$OLDEST_PCAP" -o "$OLDEST_PCAP" == ".." -o "$OLDEST_PCAP" == "." ]; then
salt/suricata/pcap.sls
+8 -1
View File
@@ -2,7 +2,7 @@
{% from 'suricata/map.jinja' import SURICATAMERGED %} {% from 'suricata/map.jinja' import SURICATAMERGED %}
# This directory needs to exist regardless of whether SURIPCAP is enabled or not, in order for # This directory needs to exist regardless of whether SURIPCAP is enabled or not, in order for
# Sensoroni to be able to look at old Suricata PCAP data # Sensoroni to mount it
suripcapdir: suripcapdir:
file.directory: file.directory:
- name: /nsm/suripcap - name: /nsm/suripcap
@@ -11,6 +11,13 @@ suripcapdir:
- mode: 775 - mode: 775
- makedirs: True - makedirs: True
pcapoutdir:
file.directory:
- name: /nsm/pcapout
- user: 939
- group: 939
- makedirs: True
{% if GLOBALS.pcap_engine in ["SURICATA"] %} {% if GLOBALS.pcap_engine in ["SURICATA"] %}
{# there should only be 1 interface in af-packet so we can just reference the first list item #} {# there should only be 1 interface in af-packet so we can just reference the first list item #}