From fb8ad71b27d0848004c3da96d9f5e602b5e53aa9 Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@securityonionsolutions.com>
Date: Tue, 13 Jun 2023 13:19:18 -0400
Subject: [PATCH] Set START and END variables earlier in so-import-pcap

---
 salt/common/tools/sbin_jinja/so-import-pcap | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/salt/common/tools/sbin_jinja/so-import-pcap b/salt/common/tools/sbin_jinja/so-import-pcap
index 8e2bc523d..4169d8769 100755
--- a/salt/common/tools/sbin_jinja/so-import-pcap
+++ b/salt/common/tools/sbin_jinja/so-import-pcap
@@ -194,6 +194,9 @@ for PCAP in $INPUT_FILES; do
       status "- analyzing traffic with Zeek"
       zeek "${PCAP}" $HASH
       {% endif %}
+      
+      START=$(pcapinfo "${PCAP}" -a |grep "First packet time:" | awk '{print $4}')
+      END=$(pcapinfo "${PCAP}" -e |grep "Last packet time:" | awk '{print $4}')
       status "- saving PCAP data spanning dates $START through $END"
     fi
 
@@ -205,9 +208,6 @@ for PCAP in $INPUT_FILES; do
       HASHES="${HASHES} ${HASH}"
     fi
 
-    START=$(pcapinfo "${PCAP}" -a |grep "First packet time:" | awk '{print $4}')
-    END=$(pcapinfo "${PCAP}" -e |grep "Last packet time:" | awk '{print $4}')
-
     # compare $START to $START_OLDEST
     START_COMPARE=$(date -d $START +%s)
     START_OLDEST_COMPARE=$(date -d $START_OLDEST +%s)
@@ -286,4 +286,4 @@ if [[ $json -eq 1 ]]; then
     }'''
 fi
 
-exit $RESULT
\ No newline at end of file
+exit $RESULT