From e4651cc5d399828b5d81ac0708de275eff4ce032 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Feb 2018 16:48:00 -0500 Subject: [PATCH] Suricata Salt Module - Light the Suricata fires --- salt/suricata/init.sls | 8 +++++++- salt/top.sls | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 129da95fd..61f35cd94 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -27,6 +27,12 @@ suriruledir: - group: 940 - makedirs: True +surilogdir: + file.directory: + - name: /opt/so/log/suricata + - user: 940 + - group: 939 + surirulesync: file.recurse: - name: /opt/so/conf/suricata/rules @@ -49,5 +55,5 @@ so-suricata: - priviledged: True - binds: - /opt/so/suricata/conf/rules:/usr/local/etc/suricata/rules:ro - - /opt/so/rules/nids:/opt/so/rules/nids:rw + - /opt/so/log/suricata:/usr/local/var/log/suricata/:rw - network_mode: host diff --git a/salt/top.sls b/salt/top.sls index d1c5f6630..896d4b800 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -2,6 +2,7 @@ base: 'G@role:so-sensor': - common - pcap + - suricata 'G@role:eval': - common
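Review bot: The new `surilogdir` state sets an owner and group but no `- mode:`, so the permissions on `/opt/so/log/suricata` are left to whatever the minion applies by default. Suricata's logs carry alert detail and network metadata, so an explicit `- mode: 750` would restrict them to uid 940 and gid 939. Unlike `suriruledir` in the context lines just above it, the state also omits `- makedirs: True`, so it will presumably fail if no other state has created `/opt/so/log` (not visible in this hunk). The group here is 939 while the rule directory uses 940; if that is a deliberate log-reader group, a one-line comment saying so would help.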
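Review bot: The rules bind in this list mounts `/opt/so/suricata/conf/rules`, but `surirulesync` in the first hunk writes the rules to `/opt/so/conf/suricata/rules`, so the container appears to receive a directory that no state shown here populates. Docker typically creates a missing bind source as an empty directory, which would leave the sensor running with no rules loaded and no error raised. If the sync target is the intended path, the line should read `- /opt/so/conf/suricata/rules:/usr/local/etc/suricata/rules:ro`. The new log bind also relies on `surilogdir` having been applied first, so a `- require:` entry with `- file: surilogdir` would keep Docker from creating that path itself with root ownership. The key `priviledged` looks like a misspelling of `privileged` and is worth checking against what the container actually runs with; the `so-suricata` state begins outside the hunk.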