diff --git a/files/master b/files/master
index ba107b939..f14c4194c 100644
--- a/files/master
+++ b/files/master
@@ -61,5 +61,3 @@ peer: reactor: - 'so/fleet': - salt://reactor/fleet.sls - - 'salt/beacon/*/zeek/': - - salt://reactor/zeek.sls
diff --git a/pillar/healthcheck/eval.sls b/pillar/healthcheck/eval.sls
index fbfa54e45..09efb7ba7 100644
--- a/pillar/healthcheck/eval.sls
+++ b/pillar/healthcheck/eval.sls
@@ -1,5 +1,5 @@ healthcheck: enabled: False - schedule: 60 + schedule: 10 checks: - zeek
diff --git a/pillar/healthcheck/sensor.sls b/pillar/healthcheck/sensor.sls
index fbfa54e45..09efb7ba7 100644
--- a/pillar/healthcheck/sensor.sls
+++ b/pillar/healthcheck/sensor.sls
@@ -1,5 +1,5 @@ healthcheck: enabled: False - schedule: 60 + schedule: 10 checks: - zeek
diff --git a/salt/_modules/healthcheck.py b/salt/_modules/healthcheck.py
index 2dafa23d3..0a62f0471 100644
--- a/salt/_modules/healthcheck.py
+++ b/salt/_modules/healthcheck.py
@@ -3,7 +3,7 @@ import logging import sys -allowed_functions = ['is_enabled,zeek'] +allowed_functions = ['is_enabled', 'zeek'] states_to_apply = []
@@ -42,14 +42,14 @@ def run(checks=''): retval = [] calling_func = sys._getframe().f_back.f_code.co_name - logging.debug('healthcheck_module: run function caller: %s' % calling_func) + logging.info('healthcheck_module: run function caller: %s' % calling_func) if checks: checks = checks.split(',') else: checks = __salt__['pillar.get']('healthcheck:checks', {}) - logging.debug('healthcheck_module: run checks to be run: %s' % str(checks)) + logging.info('healthcheck_module: run checks to be run: %s' % str(checks)) for check in checks: if check in allowed_functions: retval.append(check)
@@ -65,6 +65,11 @@ def run(checks=''): return retval +def send_event(tag, eventdata): + #__salt__['event.send'](tag, data={'stuff': 'things'}) + __salt__['event.send'](tag, eventdata[0]) + + def zeek(): calling_func = sys._getframe().f_back.f_code.co_name
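Review bot: Both `logging.info` calls in run() (the `@@ -42,14 +42,14 @@` hunk) build their message eagerly with `%` and now emit at info level on every invocation. With the schedule in this commit moving to a 10-second interval, that is two info lines per minion every ten seconds. Keep them at debug, or at least pass the argument lazily, e.g. `logging.debug('healthcheck_module: run function caller: %s', calling_func)`. run() starts and ends outside the hunk.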
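Review bot: `send_event` (the `@@ -65,6 +65,11 @@` hunk) is a public function in an execution module, so Salt will presumably expose it as `healthcheck.send_event` with a caller-chosen tag and payload, outside the `allowed_functions` dispatch list. In addition, `eventdata[0]` raises IndexError on an empty list and silently drops every entry after the first. Making the helper private and passing the dict itself avoids both: `def _send_event(tag, eventdata):` with `__salt__['event.send'](tag, data=eventdata)`, called from zeek() with the `{'zeek_restart': ...}` dict rather than the whole `retval` list. The commented-out `event.send` line with the `{'stuff': 'things'}` payload should be removed, and the helper needs a one-line docstring stating the payload shape the reactor expects.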
@@ -86,5 +91,6 @@ def zeek(): retval.append({'zeek_restart': zeek_restart}) + send_event('so/healthcheck/zeek', retval) __salt__['telegraf.send']('healthcheck zeek_restart=%s' % str(zeek_restart)) return retval
diff --git a/salt/healthcheck/init.sls b/salt/healthcheck/init.sls
index 627603099..c325bea08 100644
--- a/salt/healthcheck/init.sls
+++ b/salt/healthcheck/init.sls
@@ -1,9 +1,6 @@ -### This state isn't used for anything. It was written to handle healthcheck scheduling, -### but we handle that with beacons now. - {% set CHECKS = salt['pillar.get']('healthcheck:checks', {}) %} {% set ENABLED = salt['pillar.get']('healthcheck:enabled', False) %} -{% set SCHEDULE = salt['pillar.get']('healthcheck:schedule', 30) %} +{% set SCHEDULE = salt['pillar.get']('healthcheck:schedule', 10) %} {% if CHECKS and ENABLED %} {% set STATUS = ['present','enabled'] %}
@@ -21,7 +18,7 @@ healthcheck_schedule_{{ STATUS[0] }}: schedule.{{ STATUS[0] }}: - name: healthcheck - function: healthcheck.run - - minutes: {{ SCHEDULE }} + - seconds: {{ SCHEDULE }} healthcheck_schedule_{{ STATUS[1] }}: schedule.{{ STATUS[1] }}:
diff --git a/salt/reactor/zeek.sls b/salt/reactor/zeek.sls
index c22d6f94d..f2e26b095 100644
--- a/salt/reactor/zeek.sls
+++ b/salt/reactor/zeek.sls
@@ -6,7 +6,7 @@ local = salt.client.LocalClient() def run(): minionid = data['id'] - zeek_restart = data['zeek_restart'] + zeek_restart = data['data']['zeek_restart'] logging.info('zeek_reactor: zeek_need_restarted:%s on:%s' % (zeek_restart, minionid)) if zeek_restart:
diff --git a/salt/top.sls b/salt/top.sls
index 7132a4f69..0b08f4c9f 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -37,7 +37,7 @@ base: - firewall - pcap - suricata - - salt.beacons + - healthcheck {%- if BROVER != 'SURICATA' %} - zeek {%- endif %}
@@ -58,7 +58,7 @@ base: - firewall - idstools - auth #Shared secrets - - salt.beacons + - healthcheck {%- if FLEETMASTER or FLEETNODE %} - mysql {%- endif %}
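Review bot: The new `send_event('so/healthcheck/zeek', retval)` call in zeek() fires a tag that nothing visible in this commit maps to a reactor. The files/master hunk removes the `salt/beacon/*/zeek/` entry and adds none for `so/healthcheck/zeek`. Unless that mapping is added elsewhere, salt://reactor/zeek.sls will never run and the `data['data']['zeek_restart']` change there has no effect. The master config would need `- 'so/healthcheck/zeek':` followed by `- salt://reactor/zeek.sls` under `reactor:`. zeek() begins outside the hunk.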
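Review bot: `healthcheck:schedule` changes meaning in salt/healthcheck/init.sls without changing name. The default goes from 30 to 10 in the first hunk and the schedule key goes from `minutes` to `seconds` in the second, so any pillar still carrying a value written as minutes now runs `healthcheck.run` that many seconds apart. The pillar/healthcheck/eval.sls and sensor.sls hunks set 10 without stating the unit either. A comment beside the key, e.g. `# seconds between healthcheck.run executions`, or a renamed key such as `schedule_seconds`, would make the unit explicit. The removed header comment said scheduling had moved to beacons, so a replacement line stating that this state schedules the checks again would keep the file self-describing.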
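Review bot: `data['data']['zeek_restart']` in salt/reactor/zeek.sls raises KeyError for any event on this tag that lacks the nested key. The value then goes into a bare truthiness test, so a non-boolean such as the string 'False' would count as a restart request. Because this reactor runs on the master and acts on a payload supplied by a minion, read it defensively and require a real boolean: `zeek_restart = data.get('data', {}).get('zeek_restart') is True`. A comment noting that `event.send` nests the payload under `data['data']` while `data['id']` identifies the sending minion would explain the indexing change. run() continues past the end of the hunk.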