CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-13 04:32:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

flip logic to check there aren't two default policies and fleet-default-output is disabled

Browse Source
This commit is contained in:
reyesj2
2025-09-18 16:05:34 -05:00
parent 21e27bce87
commit 878a3f8962
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
View File

@@ -75,11 +75,11 @@ printf "\n\n"
status "Verifying so-manager_elasticsearch policy is configured as the current default"
# Grab the fleet-default-output policy instead of so-manager_elasticsearch, because a weird state can exist where both fleet-default-output & so-elasticsearch_manager can be set as the active default output for logs / metrics. Resulting in logs not ingesting on import/eval nodes
# Check that fleet-default-output isn't configured as a default for anything
if DEFAULTPOLICY=$(fleet_api "outputs/fleet-default-output"); then
fleet_default=$(echo "$DEFAULTPOLICY" | jq -er '.item.is_default')
fleet_default_monitoring=$(echo "$DEFAULTPOLICY" | jq -er '.item.is_default_monitoring')
if [[ ! $fleet_default ]] && [[ ! $fleet_default_monitoring ]]; then
# Check that fleet-default-output isn't configured as a default for anything ( both variables return false )
if [[ $fleet_default ]] && [[ $fleet_default_monitoring ]]; then
echo -e "\nso-manager_elasticsearch is configured as the current default policy..."
else
echo -e "\nVerification of so-manager_elasticsearch policy failed... The default 'fleet-default-output' output is still active..."