From ec179f8e9b40d8b5745868f292f0c17414f105e0 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 17 Mar 2021 18:44:25 -0400
Subject: [PATCH] 
 https://github.com/Security-Onion-Solutions/securityonion/issues/3515

---
 salt/suricata/init.sls | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 2adfe17a0..20a9db14b 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -179,6 +179,26 @@ disable_so-suricata_so-status.conf:
     - month: '*'
     - dayweek: '*'
 
+so-suricata-eve-clean:
+  file.managed:
+    - name: /usr/sbin/so-suricata-eve-clean
+    - user: root
+    - group: root
+    - file_mode: 755
+    - template: jinja
+    - source: salt://suricata/cron/so-suricata-eve-clean
+
+# Add eve clean cron
+clean_suricata_eve_files:
+  cron.present:
+    - name: /usr/sbin/so-suricata-eve-clean > /dev/null 2>&1
+    - user: root
+    - minute: '*/5'
+    - hour: '*'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+
 {% else %}
 
 {{sls}}_state_not_allowed: