From 3983e08fe538c9ebccfa51d54bb0db55556b23e0 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 1 Mar 2021 13:31:05 -0500
Subject: [PATCH 1/2] exclude zeekcaptureloss when suricata metadata selected https://github.com/Security-Onion-Solutions/securityonion/issues/3206
---
 salt/telegraf/etc/telegraf.conf | 10 ++++++++++
 salt/telegraf/init.sls | 3 +++
 2 files changed, 13 insertions(+)
diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
index 31be621a0..0c447172f 100644
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
@@ -684,8 +684,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/raid.sh"
 ]
@@ -697,8 +699,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/eps.sh",
 "/scripts/raid.sh"
@@ -713,8 +717,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/eps.sh",
 "/scripts/raid.sh"
@@ -728,8 +734,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/influxdbsize.sh",
 "/scripts/raid.sh"
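Review bot: The exact, case-sensitive test `== 'ZEEK'` added in the hunk at -684 (and repeated in the hunks at -697, -713, -728 and -742) drops both Zeek loss scripts from the command list for any other pillar value, so a misspelled or lower-case `global:mdengine` would silently remove sensor-health metrics instead of failing visibly. If the pillar value is not normalized elsewhere (not visible in this patch), consider `{% if salt['pillar.get']('global:mdengine', 'ZEEK') | upper == 'ZEEK' %}`. As a style point, the same lookup is pasted five times; a single `{% set MDENGINE = salt['pillar.get']('global:mdengine', 'ZEEK') %}` near the top of the template followed by `{% if MDENGINE == 'ZEEK' %}` would keep the five blocks in step. The command arrays these lines sit in start and end outside the hunks.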
@@ -742,8 +750,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/helixeps.sh"
 ]
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls
index 81513eee2..2814eb159 100644
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -29,6 +29,9 @@ tgrafsyncscripts:
 - file_mode: 700
 - template: jinja
 - source: salt://telegraf/scripts
+{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'SURICATA' %}
+ - exclude_pat: zeekcaptureloss.sh
+{% endif %}
 tgrafconf:
 file.managed:
From a197d5addfacd1bf0a6f733d7e6a25858483f831 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 1 Mar 2021 13:58:04 -0500
Subject: [PATCH 2/2] revert version to 2.3.30 https://github.com/Security-Onion-Solutions/securityonion/issues/3206
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index 0f1c3e555..ad0b729ff 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.40
+2.3.30
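Review bot: In the salt/telegraf/init.sls hunk the sync exclusion is keyed on `== 'SURICATA'`, while telegraf.conf in the same patch keys on `== 'ZEEK'`, so the two conditions are not complements, and only zeekcaptureloss.sh is excluded although the config drops zeekloss.sh as well. Using `{% if salt['pillar.get']('global:mdengine', 'ZEEK') != 'ZEEK' %}` here would make both files decide on the same test. `exclude_pat` only keeps the script from being copied; a copy synced before the engine was switched presumably stays on the minion, which is harmless once telegraf stops calling it but is worth a short comment above the option. The tgrafsyncscripts state begins above the hunk.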