Merge branch 'dev' into feature/setup-changes

2025-12-10 19:22:54 +01:00 · 2020-07-01 16:24:55 -04:00
parent b4f9fe5f54 d6feafb12a
commit 85a3f3c277
5 changed files with 36 additions and 38 deletions
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
--- a/salt/deprecated-bro/files/node.cfg
+++ b/salt/deprecated-bro/files/node.cfg
@@ -1,13 +1,13 @@
 {%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
-{%- if salt['pillar.get']('sensor:bro_pins') or salt['pillar.get']('sensor:bro_lbprocs') %}
+{%- if salt['pillar.get']('sensor:zeek_pins') or salt['pillar.get']('sensor:zeek_lbprocs') %}
-{%- if salt['pillar.get']('sensor:bro_proxies') %}
+{%- if salt['pillar.get']('sensor:zeek_proxies') %}
-  {%- set proxies =  salt['pillar.get']('sensor:bro_proxies', '1') %}
+  {%- set proxies =  salt['pillar.get']('sensor:zeek_proxies', '1') %}
 {%- else %}
-  {%- if salt['pillar.get']('sensor:bro_pins') %}
+  {%- if salt['pillar.get']('sensor:zeek_pins') %}
-    {%- set proxies = (salt['pillar.get']('sensor:bro_pins')|length/10)|round(0, 'ceil')|int %}
+    {%- set proxies = (salt['pillar.get']('sensor:zeek_pins')|length/10)|round(0, 'ceil')|int %}
  {%- else %}
-    {%- set proxies = (salt['pillar.get']('sensor:bro_lbprocs')/10)|round(0, 'ceil')|int %}
+    {%- set proxies = (salt['pillar.get']('sensor:zeek_lbprocs')/10)|round(0, 'ceil')|int %}
  {%- endif %}
 {%- endif %}
 [manager]
@@ -28,13 +28,13 @@ host=localhost
 interface=af_packet::{{ interface }}
 lb_method=custom
-{%- if salt['pillar.get']('sensor:bro_lbprocs') %}
+{%- if salt['pillar.get']('sensor:zeek_lbprocs') %}
-lb_procs={{ salt['pillar.get']('sensor:bro_lbprocs', '1') }}
+lb_procs={{ salt['pillar.get']('sensor:zeek_lbprocs', '1') }}
 {%- else %}
-lb_procs={{ salt['pillar.get']('sensor:bro_pins')|length }}
+lb_procs={{ salt['pillar.get']('sensor:zeek_pins')|length }}
 {%- endif %}
-{%- if salt['pillar.get']('sensor:bro_pins') %}
+{%- if salt['pillar.get']('sensor:zeek_pins') %}
-pin_cpus={{ salt['pillar.get']('sensor:bro_pins')|join(", ") }}
+pin_cpus={{ salt['pillar.get']('sensor:zeek_pins')|join(", ") }}
 {%- endif %}
 af_packet_fanout_id=23
 af_packet_fanout_mode=AF_Packet::FANOUT_HASH
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -127,11 +127,11 @@ filebeat.inputs:
        category: network
        imported: true
    processors:
-      - dissect:
+    - dissect:
-          tokenizer: "/nsm/import/%{import_id}/zeek/logs/%{import_source}"
+        tokenizer: "/nsm/import/%{import_id}/zeek/logs/%{import_source}"
-          field: "source"
+        field: "source"
-          target_prefix: ""
+        target_prefix: ""
-      - drop_fields:
+    - drop_fields:
        fields: ["source", "prospector", "input", "offset", "beat"]
    fields_under_root: true
--- a/salt/zeek/files/node.cfg
+++ b/salt/zeek/files/node.cfg
@@ -1,15 +1,14 @@
 {%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
-
+{%- if salt['pillar.get']('sensor:zeek_pins') or salt['pillar.get']('sensor:zeek_lbprocs') %}
-{%- if salt['pillar.get']('sensor:bro_pins') or salt['pillar.get']('sensor:bro_lbprocs') %}
+  {%- if salt['pillar.get']('sensor:zeek_proxies') %}
-{%- if salt['pillar.get']('sensor:bro_proxies') %}
+    {%- set proxies =  salt['pillar.get']('sensor:zeek_proxies', '1') %}
  {%- set proxies =  salt['pillar.get']('sensor:bro_proxies', '1') %}
 {%- else %}
  {%- if salt['pillar.get']('sensor:bro_pins') %}
    {%- set proxies = (salt['pillar.get']('sensor:bro_pins')|length/10)|round(0, 'ceil')|int %}
  {%- else %}
-    {%- set proxies = (salt['pillar.get']('sensor:bro_lbprocs')/10)|round(0, 'ceil')|int %}
+    {%- if salt['pillar.get']('sensor:zeek_pins') %}
      {%- set proxies = (salt['pillar.get']('sensor:zeek_pins')|length/10)|round(0, 'ceil')|int %}
    {%- else %}
      {%- set proxies = (salt['pillar.get']('sensor:zeek_lbprocs')/10)|round(0, 'ceil')|int %}
    {%- endif %}
  {%- endif %}
 {%- endif %}
 [manager]
 type=manager
 host=localhost
@@ -27,18 +26,17 @@ type=worker
 host=localhost
 interface=af_packet::{{ interface }}
 lb_method=custom
-
+  {%- if salt['pillar.get']('sensor:zeek_lbprocs') %}
-{%- if salt['pillar.get']('sensor:bro_lbprocs') %}
+lb_procs={{ salt['pillar.get']('sensor:zeek_lbprocs', '1') }}
-lb_procs={{ salt['pillar.get']('sensor:bro_lbprocs', '1') }}
+    {%- else %}
-{%- else %}
+lb_procs={{ salt['pillar.get']('sensor:zeek_pins')|length }}
-lb_procs={{ salt['pillar.get']('sensor:bro_pins')|length }}
+  {%- endif %}
-{%- endif %}
+  {%- if salt['pillar.get']('sensor:zeek_pins') %}
-{%- if salt['pillar.get']('sensor:bro_pins') %}
+pin_cpus={{ salt['pillar.get']('sensor:zeek_pins')|join(", ") }}
-pin_cpus={{ salt['pillar.get']('sensor:bro_pins')|join(", ") }}
+  {%- endif %}
 {%- endif %}
 af_packet_fanout_id=23
 af_packet_fanout_mode=AF_Packet::FANOUT_HASH
-af_packet_buffer_size=128*1024*1024
+af_packet_buffer_size={{ salt['pillar.get']('sensor:zeek_buffer', 128*1024*1024) }}
 {%- else %}
 [brosa]
 type=standalone
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1367,7 +1367,7 @@ sensor_pillar() {
 		"  mainint: $MNIC" >> "$pillar_file"
 	if [ "$NSMSETUP" = 'ADVANCED' ]; then
-		echo "  bro_pins:" >> "$pillar_file"
+		echo "  zeek_pins:" >> "$pillar_file"
 		for PIN in "${BROPINS[@]}"; do
 			PIN=$(echo "$PIN" |  cut -d\" -f2)
 		echo "    - $PIN" >> "$pillar_file"
@@ -1378,10 +1378,10 @@ sensor_pillar() {
 		echo "    - $SPIN" >> "$pillar_file"
 		done
 	elif [ "$install_type" = 'HELIXSENSOR' ]; then
-		echo "  bro_lbprocs: $lb_procs" >> "$pillar_file"
+		echo "  zeek_lbprocs: $lb_procs" >> "$pillar_file"
 		echo "  suriprocs: $lb_procs" >> "$pillar_file"
 	else
-		echo "  bro_lbprocs: $BASICBRO" >> "$pillar_file"
+		echo "  zeek_lbprocs: $BASICBRO" >> "$pillar_file"
 		echo "  suriprocs: $BASICSURI" >> "$pillar_file"
 	fi
 	printf '%s\n'\