CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-19 07:23:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #934 from Security-Onion-Solutions/issue/142

Browse Source 
Issue/142
This commit is contained in:
Mike Reeves
2020-07-06 16:12:48 -04:00
committed by GitHub
parent da0a0ae6ae f05e366d49
commit cc2f023840
6 changed files with 33 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/common/tools/sbin/so-saltstack-update
View File

@@ -30,7 +30,7 @@ clone_to_tmp() {
copy_new_files() {
# Copy new files over to the salt dir
cd /tmp/sogh/securityonion-saltstack
cd /tmp/sogh/securityonion
git checkout $BRANCH
rsync -a --exclude-from 'exclude-list.txt' salt $default_salt_dir/
rsync -a --exclude-from 'exclude-list.txt' pillar $default_salt_dir/

11
salt/logstash/init.sls
View File

@@ -23,19 +23,12 @@
{% endif %}
# Logstash Section - Decide which pillar to use
{% if grains['role'] == 'so-sensor' %}
{% set lsheap = salt['pillar.get']('sensor:lsheap', '') %}
{% set lsaccessip = salt['pillar.get']('sensor:lsaccessip', '') %}
{% elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
{% set lsheap = salt['pillar.get']('node:lsheap', '') %}
{% set nodetype = salt['pillar.get']('node:node_type', 'storage') %}
{% elif grains['role'] in ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
{% set lsheap = salt['pillar.get']('master:lsheap', '') %}
{% set lsheap = salt['pillar.get']('logstash_settings:lsheap', '') %}
{% if grains['role'] in ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
{% set freq = salt['pillar.get']('master:freq', '0') %}
{% set dstats = salt['pillar.get']('master:domainstats', '0') %}
{% set nodetype = salt['grains.get']('role', '') %}
{% elif grains['role'] == 'so-helix' %}
{% set lsheap = salt['pillar.get']('master:lsheap', '') %}
{% set freq = salt['pillar.get']('master:freq', '0') %}
{% set dstats = salt['pillar.get']('master:domainstats', '0') %}
{% set nodetype = salt['grains.get']('role', '') %}

10
salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja
View File

@@ -1,14 +1,16 @@
{%- if grains.role == 'so-heavynode' %}
{%- set master = salt['pillar.get']('node:mainip', '') %}
{%- set MASTER = salt['pillar.get']('node:mainip', '') %}
{%- else %}
{%- set master = salt['pillar.get']('static:masterip', '') %}
{%- set MASTER = salt['pillar.get']('static:masterip', '') %}
{% endif -%}
{%- set THREADS = salt['pillar.get']('logstash_settings:ls_input_threads', '') %}
input {
redis {
host => '{{ master }}'
host => '{{ MASTER }}'
data_type => 'list'
key => 'logstash:unparsed'
type => 'redis-input'
# threads => 1
threads => {{ THREADS }}
}
}

22
salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja
View File

@@ -1,26 +1,14 @@
{%- if salt['grains.get']('role') == 'so-master' %}
{% set master = salt['pillar.get']('static:masterip', '') %}
{%- set nodetype = 'master' %}
{% elif grains.role == 'so-heavynode' %}
{% set master = salt['pillar.get']('node:mainip', '') %}
{%- set nodetype = salt['pillar.get']('node:node_type', 'search') %}
{%- else %}
{%- set nodetype = salt['pillar.get']('node:node_type', 'storage') %}
{% set master = salt['pillar.get']('static:masterip', '') %}
{%- endif %}
{% set MASTER = salt['pillar.get']('static:masterip', '') %}
{% set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %}
output {
redis {
host => '{{ master }}'
host => '{{ MASTER }}'
data_type => 'list'
{%- if nodetype == 'parser' %}
key => 'logstash:parsed'
{%- else %}
key => 'logstash:unparsed'
{%- endif %}
congestion_interval => 1
congestion_threshold => 50000000
# batch_events => 500
batch ==> True
batch_events => {{ BATCH }}
}
}

1
salt/redis/init.sls
View File

@@ -12,7 +12,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
{% set lsaccessip = salt['pillar.get']('master:lsaccessip', '') %}
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}