diff --git a/salt/common/tools/sbin/so-minion b/salt/common/tools/sbin/so-minion index adaf1d344..3bfd626ad 100755 --- a/salt/common/tools/sbin/so-minion +++ b/salt/common/tools/sbin/so-minion @@ -165,7 +165,8 @@ function add_sensor_to_minion() { echo " mtu: 9000" >> $PILLARFILE echo "zeek:" >> $PILLARFILE echo " config:" >> $PILLARFILE - echo " lb_procs: '$CORECOUNT'" >> $PILLARFILE + echo " node:" >> $PILLARFILE + echo " lb_procs: '$CORECOUNT'" >> $PILLARFILE echo "suricata:" >> $PILLARFILE echo " config:" >> $PILLARFILE echo " af-packet:" >> $PILLARFILE diff --git a/salt/pcap/defaults.yaml b/salt/pcap/defaults.yaml index bb93ec6cc..701cde04d 100644 --- a/salt/pcap/defaults.yaml +++ b/salt/pcap/defaults.yaml @@ -6,6 +6,6 @@ pcap: blocks: 2048 preallocate_file_mb: 4096 aiops: 128 - stenopin: False - stenopins: [] + pin_to_cpu: False + cpus_to_pin_to: [] disks: [] \ No newline at end of file diff --git a/salt/pcap/soc_pcap.yaml b/salt/pcap/soc_pcap.yaml index 053874da6..321e93713 100644 --- a/salt/pcap/soc_pcap.yaml +++ b/salt/pcap/soc_pcap.yaml @@ -1,6 +1,6 @@ pcap: enabled: - description: Enable or Disable Stenographer on all sensors or a single sensor + description: Enable or Disable Stenographer on all sensors or a single sensor config: maxdirectoryfiles: description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space. @@ -18,7 +18,7 @@ pcap: pin_to_cpu: description: Enable CPU pinning for PCAP. cpus_to_pin_to: - description: CPU to pin PCAP to. Currently only a single SPU is supported + description: CPU to pin PCAP to. Currently only a single CPU is supported disks: description: List of disks to use for PCAP. This is currently not used. advanced: True diff --git a/salt/suricata/afpacket.map.jinja b/salt/suricata/afpacket.map.jinja deleted file mode 100644 index 2c575c456..000000000 --- a/salt/suricata/afpacket.map.jinja +++ /dev/null @@ -1,14 +0,0 @@ -{% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %} -{% set suricata_pillar = pillar.suricata %} -{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False) -{% load_yaml as afpacket %} -af-packet: - - interface: {{ surimerge.suricata.config.af-packet.interface }} - cluster-id: {{ surimerge.suricata.config.af-packet.cluster-id }} - cluster-type: {{ surimerge.suricata.config.af-packet.cluster-type }} - defrag: {{ surimerge.suricata.config.af-packet.defrag }} - use-mmap: {{ surimerge.suricata.config.af-packet.use-mmap }} - threads: {{ surimerge.suricata.config.af-packet.threads }} - tpacket-v3: {{ surimerge.suricata.config.af-packet.tpacket-v3 }} - ring-size: {{ surimerge.suricata.config.af-packet.ring-size }} -{% endload %} diff --git a/salt/suricata/threading.map.jinja b/salt/suricata/threading.map.jinja deleted file mode 100644 index 16bffb165..000000000 --- a/salt/suricata/threading.map.jinja +++ /dev/null @@ -1,32 +0,0 @@ -{% if salt['pillar.get']('sensor:suripins') %} - {% load_yaml as cpu_affinity%} -cpu-affinity: - - management-cpu-set: - cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ] # include only these cpus in affinity settings - - receive-cpu-set: - cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ] # include only these cpus in affinity settings - - worker-cpu-set: - cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ] - mode: "exclusive" - threads: {{ salt['pillar.get']('sensor:suripins')|length }} - prio: - default: "high" - {% endload %} -{% elif salt['pillar.get']('sensor:suriprocs') %} - {% load_yaml as cpu_affinity%} -cpu-affinity: - - management-cpu-set: - cpu: [ all ] # include only these CPUs in affinity settings - - receive-cpu-set: - cpu: [ all ] # include only these CPUs in affinity settings - - worker-cpu-set: - cpu: [ "all" ] - mode: "exclusive" - threads: {{ salt['pillar.get']('sensor:suriprocs') }} - prio: - low: [ 0 ] - medium: [ "1-2" ] - high: [ 3 ] - default: "high" - {% endload %} -{% endif %}