Merge pull request #2393 from Security-Onion-Solutions/fix/strelka_filestream

Fix/strelka filestream
2025-12-06 09:12:45 +01:00 · 2020-12-18 15:48:54 -05:00
parent 4ccb80c9c8 2fee2ca143
commit def08895d5
2 changed files with 19 additions and 5 deletions
--- a/salt/strelka/files/filestream/filestream.yaml
+++ b/salt/strelka/files/filestream/filestream.yaml
@@ -16,7 +16,7 @@ throughput:
  delay: 0s
 files:
  patterns:
-    - '/nsm/strelka/*'
+    - '/nsm/strelka/unprocessed/*'
  delete: false
  gatekeeper: true
 response:
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -72,13 +72,20 @@ strelkalogdir:
    - group: 939
    - makedirs: True
-strelkastagedir:
+strelkaprocessed:
   file.directory:
    - name: /nsm/strelka/processed
    - user: 939
    - group: 939
    - makedirs: True
 strelkaunprocessed:
   file.directory:
    - name: /nsm/strelka/unprocessed
    - user: 939
    - group: 939
    - makedirs: True
 strelka_coordinator:
  docker_container.running:
    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
@@ -163,11 +170,18 @@ append_so-strelka-filestream_so-status.conf:
  file.append:
    - name: /opt/so/conf/so-status/so-status.conf
    - text: so-strelka-filestream
-    
+
 strelka_zeek_extracted_sync_old:
  cron.absent:
    - user: root
    - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1'
    - minute: '*'
 strelka_zeek_extracted_sync:
  cron.present:
    - user: root
-    - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1'
+    - identifier: zeek-extracted-strelka-sync
    - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/unprocessed/ > /dev/null 2>&1'
    - minute: '*'
 {% else %}
@@ -176,4 +190,4 @@ strelka_state_not_allowed:
  test.fail_without_changes:
    - name: strelka_state_not_allowed
-{% endif %}
+{% endif %}