From 8528645c2ccf21a8f0891b12aafeb7a625757d25 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 14 Sep 2022 15:02:55 -0400
Subject: [PATCH] Update suricata_config.map.jinja

---
 salt/suricata/suricata_config.map.jinja | 29 ++++++++++++++++---------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/salt/suricata/suricata_config.map.jinja b/salt/suricata/suricata_config.map.jinja
index 5790832ef..cf576179e 100644
--- a/salt/suricata/suricata_config.map.jinja
+++ b/salt/suricata/suricata_config.map.jinja
@@ -1,17 +1,26 @@
 {% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %}
 {% set suricata_pillar = pillar.suricata %}
-{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False)
+{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False) %}
 {% load_yaml as afpacket %}
 af-packet:
-  - interface: {{ surimerge.suricata.config.af-packet.interface }}
-    cluster-id: {{ surimerge.suricata.config.af-packet.cluster-id }}
-    cluster-type: {{ surimerge.suricata.config.af-packet.cluster-type }}
-    defrag: {{ surimerge.suricata.config.af-packet.defrag }}
-    use-mmap: {{ surimerge.suricata.config.af-packet.use-mmap }}
-    threads: {{ surimerge.suricata.config.af-packet.threads }}
-    tpacket-v3: {{ surimerge.suricata.config.af-packet.tpacket-v3 }}
-    ring-size: {{ surimerge.suricata.config.af-packet.ring-size }}
+  - interface: {{ surimerge.suricata.config['af-packet'].interface }}
+    cluster-id: {{ surimerge.suricata.config['af-packet']['cluster-id'] }}
+    cluster-type: {{ surimerge.suricata.config['af-packet']['cluster-type'] }}
+    defrag: {{ surimerge.suricata.config['af-packet'].defrag }}
+    use-mmap: {{ surimerge.suricata.config['af-packet']['use-mmap'] }}
+    threads: {{ surimerge.suricata.config['af-packet'].threads }}
+    tpacket-v3: {{ surimerge.suricata.config['af-packet']['tpacket-v3'] }}
+    ring-size: {{ surimerge.suricata.config['af-packet']['ring-size'] }}
 {% endload %}
 {% do suricata_defaults.suricata.config.update({'af-packet': afpacket}) %}
 
-{% do salt['defaults.merge'](suricata_defaults.suricata.config, suricata_pillar, in_place=True) %}
+{% load_yaml as outputs %}
+outputs:
+  - fast:
+    enabled: {{ surimerge.suricata.config.outputs.fast.enabled }}
+    filename: {{ surimerge.suricata.config.outputs.fast.filename }}
+    append: {{ surimerge.suricata.config.outputs.fast.append }}
+  - eve-log
+    enabled: {{ surimerge.suricata.config.outputs['eve-log'].enabled }}
+{% endload %}
+{% do suricata_defaults.suricata.config.update({'outputs': outputs}) %}