Suricata Meta Data Option

2025-12-06 09:12:45 +01:00 · 2018-11-13 11:25:30 -05:00
parent 62d28942f8
commit a70b7ed3de
4 changed files with 1933 additions and 3 deletions
--- a/exclude-list.txt
+++ b/exclude-list.txt
@@ -1,3 +1,2 @@
 salt/bro/files/local.bro
 salt/bro/files/local.bro.community
-salt/suricata/suricata.yaml
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -1,5 +1,6 @@
 {%- set MASTER = grains['master'] %}
 {%- set HOSTNAME = salt['grains.get']('host', '') %}
+{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}

 name: {{ HOSTNAME }}

@@ -10,7 +11,7 @@ filebeat.modules:
 # List of prospectors to fetch data.
 filebeat.prospectors:
 #------------------------------ Log prospector --------------------------------
-
+{%- if BROVER != SURICATA %}
 {%- for LOGNAME in salt['pillar.get']('brologs:enabled', '')  %}
  - type: log
    paths:
@@ -23,6 +24,7 @@ filebeat.prospectors:
    close_removed: false

 {%- endfor %}
+{%- endif %}

  - type: log
    paths:
--- a/salt/suricata/files/suricataMETA.yaml
+++ b/salt/suricata/files/suricataMETA.yaml
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -786,7 +786,8 @@ whiptail_bro_pins() {

 whiptail_bro_version() {

-  BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "Which version of Bro would you like to use?" 20 78 4 "COMMUNITY" "Install Community Bro" ON "ZEEK" "Install Zeek" OFF 3>&1 1>&2 2>&3)
+  BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 78 4 "COMMUNITY" "Install Community Bro" ON \
+   "ZEEK" "Install Zeek" OFF "SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3)

  local exitstatus=$?
  whiptail_check_exitstatus $exitstatus