From b00f11365865158664817064b81e51c04cb8b134 Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Sat, 14 Mar 2026 19:45:50 -0400
Subject: [PATCH] initialize pcap-log
---
 salt/suricata/map.jinja | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/salt/suricata/map.jinja b/salt/suricata/map.jinja
index adde8d3ee..c99beff21 100644
--- a/salt/suricata/map.jinja
+++ b/salt/suricata/map.jinja
@@ -11,6 +11,11 @@
 {# before we change outputs back to list, enable pcap-log if suricata is the pcapengine #}
 {% if GLOBALS.pcap_engine in ["SURICATA"] %}
+{# initialize pcap-log in config.outputs since we dont put it in defaults #}
+{% if 'pcap-log' not in SURICATAMERGED.config.outputs %}
+{% do SURICATAMERGED.config.outputs.update({'pcap-log': {}}) %}
+{% endif %}
+
 {% from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS %}
 {% if PCAPBPF and PCAP_BPF_STATUS %}
 {% do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
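Review bot: The new guard `{% if 'pcap-log' not in SURICATAMERGED.config.outputs %}` only covers a missing key, so a pillar that sets `pcap-log:` to null or a non-mapping still reaches `outputs['pcap-log'].update(...)` a few lines later and fails the render. Testing the value instead covers both cases: `{% if SURICATAMERGED.config.outputs.get('pcap-log') is not mapping %}`. Because the entry now starts as `{}`, every pcap-log setting has to come from later code or pillar. The `{% if GLOBALS.pcap_engine ... %}` block continues outside the hunk, so it is worth confirming that the rendered config still ends up with the expected keys and that full packet capture is not silently left unconfigured. The added comment could read `{# initialize pcap-log in config.outputs because defaults.yaml does not define it #}`, assuming defaults.yaml is what "defaults" refers to.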