Merge pull request #481 from Security-Onion-Solutions/fix/strelka_stuff

Fix/strelka stuff

salt/filebeat/etc/filebeat.yml

@@ -162,9 +162,10 @@ filebeat.inputs:
 
   - type: log
     paths:
-      - /opt/so/log/strelka/strelka.log
+      - /nsm/strelka/log/strelka.log
     fields:
       module: strelka
+      category: file
       dataset: file
 
     processors:

salt/strelka/init.sls

@@ -23,14 +23,6 @@ strelkaconfdir:
     - group: 939
     - makedirs: True
 
-# Strelka logs 
-strelkalogdir:
-  file.directory:
-    - name: /opt/so/log/strelka
-    - user: 939
-    - group: 939
-    - makedirs: True
-
 # Sync dynamic config to conf dir
 strelkasync:
   file.recurse:
@@ -47,6 +39,13 @@ strelkadatadir:
     - group: 939
     - makedirs: True
 
+strelkalogdir:
+  file.directory:
+    - name: /nsm/strelka/log
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 strelkastagedir:
    file.directory:
     - name: /nsm/strelka/processed
@@ -75,7 +74,7 @@ strelka_frontend:
     - image: soshybridhunter/so-strelka-frontend:HH1.2.1
     - binds:
       - /opt/so/conf/strelka/frontend/:/etc/strelka/:ro
-      - /opt/so/log/strelka/:/var/log/strelka/:rw
+      - /nsm/strelka/log/:/var/log/strelka/:rw
     - privileged: True
     - name: so-strelka-frontend
     - command: strelka-frontend