CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix pipeline workers, zeek/suricata lbprocs, CPUCORES and CORECOUNT

Browse Source
This commit is contained in:
Josh Patterson
2025-02-28 17:21:06 -05:00
parent c6c979dc19
commit 8047e196fe
10 changed files with 15 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/manager/tools/sbin/so-minion
View File

@@ -95,10 +95,16 @@ for i in "$@"; do
MAINIP="${i#*=}" MAINIP="${i#*=}"
shift shift
;; ;;
-c=*|--cpu=*) # Usable / Load Balance Cores for Zeek / Suricata
-C=*|--lbc=*)
CORECOUNT="${i#*=}" CORECOUNT="${i#*=}"
shift shift
;; ;;
# Total number of CPU Cores
-c=*|--cpu=*)
CPUCORES="${i#*=}"
shift
;;
-*|--*) -*|--*)
echo "Unknown option $i" echo "Unknown option $i"
log "ERROR" "Unknown option $i" log "ERROR" "Unknown option $i"
@@ -374,7 +380,7 @@ function add_logstash_to_minion() {
"logstash:"\ "logstash:"\
" enabled: True"\ " enabled: True"\
" config:"\ " config:"\
" pipeline_x_workers: $CORECOUNT"\ " pipeline_x_workers: $CPUCORES"\
" settings:"\ " settings:"\
" lsheap: $LSHEAP"\ " lsheap: $LSHEAP"\
" " >> $PILLARFILE " " >> $PILLARFILE

5
salt/reactor/sominion_setup.sls
View File

@@ -16,13 +16,12 @@ def run():
hv_name = DATA['HYPERVISOR_HOST'] hv_name = DATA['HYPERVISOR_HOST']
logging.debug('sominion_setup_reactor: DATA: %s' % DATA) logging.debug('sominion_setup_reactor: DATA: %s' % DATA)
# Build the base command # Build the base command
cmd = "NODETYPE=" + DATA['NODETYPE'] + " /usr/sbin/so-minion -o=addVM -m=" + minionid + " -n=" + DATA['MNIC'] + " -i=" + DATA['MAINIP'] + " -d='" + DATA['NODE_DESCRIPTION'] + "'" cmd = "NODETYPE=" + DATA['NODETYPE'] + " /usr/sbin/so-minion -o=addVM -m=" + minionid + " -n=" + DATA['MNIC'] + " -i=" + DATA['MAINIP'] + " -c=" + str(DATA['CPUCORES']) + " -d='" + DATA['NODE_DESCRIPTION'] + "'"
# Add optional arguments only if they exist in DATA # Add optional arguments only if they exist in DATA
if 'CORECOUNT' in DATA: if 'CORECOUNT' in DATA:
cmd += " -c=" + str(DATA['CORECOUNT']) cmd += " -C=" + str(DATA['CORECOUNT'])
if 'INTERFACE' in DATA: if 'INTERFACE' in DATA:
cmd += " -a=" + DATA['INTERFACE'] cmd += " -a=" + DATA['INTERFACE']

18
salt/setup/virt/fleet.yaml
View File

@@ -1,18 +0,0 @@
MAINIP:
MNIC: enp1s0
NODE_DESCRIPTION: 'vm'
ES_HEAP_SIZE:
PATCHSCHEDULENAME:
INTERFACE:
NODETYPE: FLEET
CORECOUNT: 8
LSHOSTNAME:
LSHEAP:
CPUCORES: 8
IDH_MGTRESTRICT:
IDH_SERVICES:
CPU: 8
MEMORY: 8
DISKS: 0
COPPER: 0
SFP: 0

18
salt/setup/virt/heavynode.yaml
View File

@@ -1,18 +0,0 @@
MAINIP:
MNIC: enp1s0
NODE_DESCRIPTION: 'vm'
ES_HEAP_SIZE:
PATCHSCHEDULENAME:
INTERFACE: bond0
NODETYPE: HEAVYNODE
CORECOUNT: 8
LSHOSTNAME:
LSHEAP:
CPUCORES: 8
IDH_MGTRESTRICT:
IDH_SERVICES:
CPU: 8
MEMORY: 16
DISKS: 0
COPPER: 0
SFP: 0

18
salt/setup/virt/idh.yaml
View File

@@ -1,18 +0,0 @@
MAINIP:
MNIC: enp1s0
NODE_DESCRIPTION: 'vm'
ES_HEAP_SIZE:
PATCHSCHEDULENAME:
INTERFACE:
NODETYPE: IDH
CORECOUNT: 2
LSHOSTNAME:
LSHEAP:
CPUCORES: 2
IDH_MGTRESTRICT:
IDH_SERVICES:
CPU: 2
MEMORY: 1
DISKS: 0
COPPER: 0
SFP: 0

18
salt/setup/virt/receiver.yaml
View File

@@ -1,18 +0,0 @@
MAINIP:
MNIC: enp1s0
NODE_DESCRIPTION: 'vm'
ES_HEAP_SIZE:
PATCHSCHEDULENAME:
INTERFACE:
NODETYPE: RECEIVER
CORECOUNT: 2
LSHOSTNAME:
LSHEAP:
CPUCORES: 2
IDH_MGTRESTRICT:
IDH_SERVICES:
CPU: 2
MEMORY: 8
DISKS: 0
COPPER: 0
SFP: 0

18
salt/setup/virt/searchnode.yaml
View File

@@ -1,18 +0,0 @@
MAINIP:
MNIC: enp1s0
NODE_DESCRIPTION: 'vm'
ES_HEAP_SIZE:
PATCHSCHEDULENAME:
INTERFACE:
NODETYPE: SEARCHNODE
CORECOUNT: 8
LSHOSTNAME:
LSHEAP:
CPUCORES: 8
IDH_MGTRESTRICT:
IDH_SERVICES:
CPU: 8
MEMORY: 16
DISKS: 1
COPPER: 0
SFP: 0

18
salt/setup/virt/sensor.yaml
View File

@@ -1,18 +0,0 @@
MAINIP:
MNIC: enp1s0
NODE_DESCRIPTION: 'vm'
ES_HEAP_SIZE:
PATCHSCHEDULENAME:
INTERFACE: bond0
NODETYPE: SENSOR
CORECOUNT: 4
LSHOSTNAME:
LSHEAP:
CPUCORES: 4
IDH_MGTRESTRICT:
IDH_SERVICES:
CPU: 8
MEMORY: 12
DISKS: 0
COPPER: 0
SFP: 0

5
salt/setup/virt/soinstall.map.jinja
View File

@@ -40,12 +40,9 @@
{# Calculate reasonable core usage #} {# Calculate reasonable core usage #}
{% set cores_for_zeek = (DATA.CPUCORES / 2) - 1 %} {% set cores_for_zeek = (DATA.CPUCORES / 2) - 1 %}
{% do salt.log.info('cores_for_zeek calculation using CPUCORES: ' ~ DATA.CPUCORES|string) %}
{% do salt.log.info('cores_for_zeek: ' ~ cores_for_zeek|string) %}
{% set lb_procs_round = cores_for_zeek|round|int %} {% set lb_procs_round = cores_for_zeek|round|int %}
{% do salt.log.info('lb_procs_round: ' ~ lb_procs_round|string) %}
{% set lb_procs = 1 if lb_procs_round < 1 else lb_procs_round %} {% set lb_procs = 1 if lb_procs_round < 1 else lb_procs_round %}
{% do salt.log.info('lb_procs: ' ~ lb_procs|string) %} {% do salt.log.info('Cores for load balancing: ' ~ lb_procs|string) %}
{# Check memory conditions #} {# Check memory conditions #}
{% set low_mem = false %} {% set low_mem = false %}
{% do salt.log.info('Memory check using total_mem: ' ~ total_mem|string) %} {% do salt.log.info('Memory check using total_mem: ' ~ total_mem|string) %}

5
salt/setup/virt/sominion.sls
View File

@@ -13,11 +13,14 @@ create_pillar:
MAINIP: {{ DATA.MAINIP }} MAINIP: {{ DATA.MAINIP }}
MNIC: {{ DATA.MNIC }} MNIC: {{ DATA.MNIC }}
NODE_DESCRIPTION: '{{ DATA.NODE_DESCRIPTION }}' NODE_DESCRIPTION: '{{ DATA.NODE_DESCRIPTION }}'
INTERFACE: {{ DATA.INTERFACE }}
NODETYPE: {{ DATA.NODETYPE }} NODETYPE: {{ DATA.NODETYPE }}
CPUCORES: {{ DATA.CPUCORES }}
{% if 'CORECOUNT' in DATA %} {% if 'CORECOUNT' in DATA %}
CORECOUNT: {{ DATA.CORECOUNT }} CORECOUNT: {{ DATA.CORECOUNT }}
{% endif %} {% endif %}
{% if 'INTERFACE' in DATA %}
INTERFACE: {{ DATA.INTERFACE }}
{% endif %}
{% if 'ES_HEAP_SIZE' in DATA %} {% if 'ES_HEAP_SIZE' in DATA %}
ES_HEAP_SIZE: {{ DATA.ES_HEAP_SIZE }} ES_HEAP_SIZE: {{ DATA.ES_HEAP_SIZE }}
{% endif %} {% endif %}