CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-03-11 23:35:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15583 from Security-Onion-Solutions/m0duspwnens-patch-1

Browse Source 
fix enable/disable suricata pcap
This commit is contained in:
Josh Patterson
2026-03-11 11:52:53 -04:00
committed by GitHub
parent a0ad589c3a 6472c610d0
commit 7fec2d59a7
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
HOTFIX
View File

@@ -0,0 +1 @@
20260311

8
salt/suricata/map.jinja
View File

@@ -16,7 +16,13 @@
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
{% endif %}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'yes'}) %}
{% set PCAP = salt['pillar.get']('pcap', {'enabled': false}) %}
{% if PCAP.enabled and GLOBALS.role != 'so-import'%}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'yes'}) %}
{% else %}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'no'}) %}
{% endif %}
{# move the items in suricata.pcap into suricata.config.outputs.pcap-log. these items were placed under suricata.config for ease of access in SOC #}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'compression': SURICATAMERGED.pcap.compression}) %}
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'lz4-checksum': SURICATAMERGED.pcap['lz4-checksum']}) %}