Merge pull request #9410 from Security-Onion-Solutions/mkr24

Add Telegraf to the GUI for 2.4
2025-12-06 09:12:45 +01:00 · 2022-12-16 08:44:57 -05:00
parent 6a73410be9 5badfb9cf5
commit b5cc5a023d
6 changed files with 80 additions and 2129 deletions
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -8,6 +8,8 @@ base:
    - docker.adv_docker
    - sensoroni.soc_sensoroni
    - sensoroni.adv_sensoroni
+    - telegraf.soc_telegraf
+    - telegraf.adv_telegraf

  '* and not *_eval and not *_import':
    - logstash.nodes
--- a/salt/telegraf/defaults.yaml
+++ b/salt/telegraf/defaults.yaml
@@ -0,0 +1,10 @@
+telegraf:
+  config:
+    interval: '30s'
+    metric_batch_size: 1000
+    metric_buffer_limit: 10000
+    collection_jitter: '0s'
+    flush_interval: '10s'
+    flush_jitter: '0s'
+    debug: 'false'
+    quiet: 'false'
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
--- a/salt/telegraf/soc_telegraf.yaml
+++ b/salt/telegraf/soc_telegraf.yaml
@@ -0,0 +1,42 @@
+telegraf:
+  config:
+    interval:
+      description: Data collection interval.
+      global: True
+      helpLink: telegraf.html
+    metric_batch_size: 
+      description: Data collection batch size.
+      global: True
+      advanced: True
+      helpLink: telegraf.html
+    metric_buffer_limit:
+      description: Data collection buffer size.
+      global: True
+      advanced: True
+      helpLink: telegraf.html
+    collection_jitter: 
+      description: Jitter of the flush interval.
+      global: True
+      advanced: True
+      helpLink: telegraf.html
+    flush_interval:
+      description: Flush interval for all outputs.
+      global: True
+      advanced: True
+      helpLink: telegraf.html
+    flush_jitter: 
+      description: Jitter the flush interval.
+      global: True
+      advanced: True
+      helpLink: telegraf.html
+    debug: 
+      description: Data collection interval.
+      global: True
+      advanced: True
+      helpLink: telegraf.html
+    quiet: 
+      description: Data collection interval.
+      global: True
+      advanced: True
+      helpLink: telegraf.html
+    
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1359,6 +1359,11 @@ soc_pillar() {
 	touch $soc_pillar_file
 }

+telegraf_pillar()
+	title "Creating telegraf pillar"
+	touch $adv_telegraf_pillar_file
+	touch $telegraf_pillar_file
+
 manager_pillar() {
 	touch $adv_manager_pillar_file
 	title "Create the manager pillar"
--- a/setup/so-variables
+++ b/setup/so-variables
@@ -84,7 +84,7 @@ mkdir -p $local_salt_dir/salt/firewall/hostgroups
 mkdir -p $local_salt_dir/salt/firewall/portgroups
 mkdir -p $local_salt_dir/salt/firewall/ports

-for THEDIR in bpf pcap elasticsearch ntp firewall redis backup strelka sensoroni curator soc soctopus docker zeek suricata nginx filebeat logstash soc manager kratos idstools idh elastalert 
+for THEDIR in bpf pcap elasticsearch ntp firewall redis backup strelka sensoroni curator soc soctopus docker zeek suricata nginx telegraf filebeat logstash soc manager kratos idstools idh elastalert 
 do
    mkdir -p $local_salt_dir/pillar/$THEDIR
    touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls
@@ -203,4 +203,10 @@ idh_pillar_file="$local_salt_dir/pillar/idh/soc_idh.sls"
 export idh_pillar_file

 adv_idh_pillar_file="$local_salt_dir/pillar/idh/adv_idh.sls"
-export adv_idh_pillar_file
+export adv_idh_pillar_file
+
+telegraf_pillar_file="$local_salt_dir/pillar/telegraf/soc_telegraf.sls"
+export telegraf_pillar_file
+
+adv_telegraf_pillar_file="$local_salt_dir/pillar/telegraf/adv_telegraf.sls"
+export adv_telegraf_pillar_file