CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/2.4/dev' into fix/tgrafzeekcloss

Browse Source
This commit is contained in:
m0duspwnens
2023-08-08 09:36:12 -04:00
parent 69553f9017 dad541423d
commit e286b8f2ba
8 changed files with 28 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
+6 -8
View File
@@ -43,14 +43,12 @@ fi
# Query for FQDN entries & add them to the list
{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %}
CUSTOMFQDNLIST=({{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }})
if [ -n "$CUSTOMFQDNLIST" ]; then
readarray -t CUSTOMFQDN <<< $CUSTOMFQDNLIST
for CUSTOMNAME in "${CUSTOMFQDN[@]}"
do
NEW_LIST+=("https://$CUSTOMNAME:8220")
done
fi
CUSTOMFQDNLIST=('{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }}')
readarray -t -d ' ' CUSTOMFQDN < <(printf '%s' "$CUSTOMFQDNLIST")
for CUSTOMNAME in "${CUSTOMFQDN[@]}"
do
NEW_LIST+=("$CUSTOMNAME:5055")
done
{% endif %}
# Query for the current Grid Nodes that are running Logstash
salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-urls-update
+6 -8
View File
@@ -43,14 +43,12 @@ fi
# Query for FQDN entries & add them to the list
{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %}
CUSTOMFQDNLIST=({{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }})
if [ -n "$CUSTOMFQDNLIST" ]; then
readarray -t CUSTOMFQDN <<< $CUSTOMFQDNLIST
for CUSTOMNAME in "${CUSTOMFQDN[@]}"
do
NEW_LIST+=("https://$CUSTOMNAME:8220")
done
fi
CUSTOMFQDNLIST=('{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }}')
readarray -t -d ' ' CUSTOMFQDN < <(printf '%s' "$CUSTOMFQDNLIST")
for CUSTOMNAME in "${CUSTOMFQDN[@]}"
do
NEW_LIST+=("https://$CUSTOMNAME:8220")
done
{% endif %}
# Query for the current Grid Nodes that are running Logstash (which includes Fleet Nodes)
salt/telegraf/scripts/zeekcaptureloss.sh
+1 -6
View File
@@ -8,15 +8,10 @@
# This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp
# if this script isn't already running
{%- from 'zeek/config.map.jinja' import ZEEKMERGED %}
if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
if [ -d "/host/nsm/zeek/spool/logger" ]; then
{%- if ZEEKMERGED.config.node.pins %}
WORKERS={{ ZEEKMERGED.config.node.pins | length }}
{%- else %}
WORKERS={{ ZEEKMERGED.config.node.lb_procs }}
{%- endif %}
WORKERS={{ salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) }}
ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log
elif [ -d "/host/nsm/zeek/spool/zeeksa" ]; then
WORKERS=1