Merge pull request #317 from Security-Onion-Solutions/bugfix/wazuhpath

Fix Wazuh paths for logstash
2025-12-06 09:12:45 +01:00 · 2020-02-07 16:18:14 -05:00
parent 7fc0a09abf e4a73d9773
commit 98a6a1d1d5
3 changed files with 12 additions and 7 deletions
--- a/salt/wazuh/files/wazuh-manager-whitelist
+++ b/salt/wazuh/files/wazuh-manager-whitelist
@@ -18,7 +18,7 @@

 # Check if Wazuh enabled
 if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
-      WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
+      WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf"
      if ! grep -q "<white_list>{{ MASTERIP }}</white_list>" $WAZUH_MGR_CFG ; then
              DATE=`date`
              sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
@@ -26,8 +26,5 @@ if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
              echo -e "<!--Address {{ MASTERIP }} added by setup on "$DATE"-->\n  <global>\n    <white_list>{{ MASTERIP }}</white_list>\n  </global>\n</ossec_config>" >> $WAZUH_MGR_CFG
              echo "Added whitelist entry for {{ MASTERIP }} in $WAZUH_MGR_CFG."
              echo
-              echo "Restarting OSSEC Server..."
-              #/usr/sbin/so-wazuh-restart
      fi
 fi
-
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -43,11 +43,19 @@ wazuhdir:
    - user: 945
    - group: 945

-wazuhlogdir:
+wazuhalertlogdir:
  file.directory:
-    - name: /opt/so/log/wazuh
+    - name: /opt/so/log/wazuh/logs/alerts
    - user: 945
    - group: 945
+    - makedirs: True
+
+wazuharchlogdir:
+  file.directory:
+    - name: /opt/so/log/wazuh/logs/archives
+    - user: 945
+    - group: 945
+    - makedirs: True

 # Add wazuh agent
 wazuhpkgs: