Merge pull request #5086 from Security-Onion-Solutions/foxtrot

Add conditional check for logscan log + add log folder to logrotate config
2025-12-06 17:22:49 +01:00 · 2021-08-06 11:32:23 -04:00
parent 768e61e11a 26030d83eb
commit b12e2eded5
2 changed files with 3 additions and 0 deletions
--- a/salt/common/files/log-rotate.conf
+++ b/salt/common/files/log-rotate.conf
@@ -22,6 +22,7 @@
 /opt/so/log/salt/so-salt-minion-check
 /opt/so/log/salt/minion
 /opt/so/log/salt/master
+/opt/so/log/logscan/*.log
 {
    {{ logrotate_conf | indent(width=4) }}
 }
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -112,6 +112,7 @@ filebeat.inputs:
      fields: ["source", "prospector", "input", "offset", "beat"]
  fields_under_root: true

+{%- if grains['role'] in ['so-eval', 'so-standalone', 'so-manager', 'so-managersearch', 'so-import'] %}
 - type: log
  paths:
    - /logs/logscan/alerts.log
@@ -124,6 +125,7 @@ filebeat.inputs:
  fields_under_root: true
  clean_removed: true
  close_removed: false
+{%- endif %}

 {%- if grains['role'] in ['so-eval', 'so-standalone', 'so-sensor',  'so-helix', 'so-heavynode', 'so-import'] %}
  {%- if ZEEKVER != 'SURICATA' %}