From 88d2ddba8bddeeac28fbadf12c826c04a4a61e82 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 29 Jan 2024 15:53:54 -0500
Subject: [PATCH] add placeholder for telegraf
---
 salt/telegraf/scripts/oldpcap.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/salt/telegraf/scripts/oldpcap.sh b/salt/telegraf/scripts/oldpcap.sh
index bb1be457f..d3f4b9a93 100644
--- a/salt/telegraf/scripts/oldpcap.sh
+++ b/salt/telegraf/scripts/oldpcap.sh
@@ -5,13 +5,18 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
+{%- if pcap is steno
+PCAPLOC=/host/nsm/pcap
+{%- else %}
+PCAPLOC=/host/nsm/suripcap
+{%- endif %}
 # if this script isn't already running
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
 # Get the data
- OLDPCAP=$(find /host/nsm/pcap -type f -exec stat -c'%n %Z' {} + | sort | grep -v "\." | head -n 1 | awk {'print $2'})
+ OLDPCAP=$(find $PCAPLOC -type f -exec stat -c'%n %Z' {} + | sort | grep -v "\." | head -n 1 | awk {'print $2'})
 DATE=$(date +%s)
 AGE=$(($DATE - $OLDPCAP))
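Review bot: The first added line, `{%- if pcap is steno`, never closes its tag, so rendering this template should fail with a Jinja syntax error until the closing `%}` is added. As written the condition also parses as a Jinja test named `steno` rather than a comparison, and nothing in the hunk sets `pcap`; if a string comparison against a pillar or imported value was intended, it needs `==` with a quoted value and the variable brought into the template. Further down, `find $PCAPLOC` is better quoted as `find "$PCAPLOC"`, and `AGE=$(($DATE - $OLDPCAP))` still hits an arithmetic error when the selected directory yields no matching file and `OLDPCAP` is empty, which would presumably leave the pcap-age metric silently missing. The enclosing `if [[ ... ]]; then` block is not closed within the visible lines.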