Merge pull request #3959 from Security-Onion-Solutions/fix/zeekpillar

Fix Zeek Setting for close-delete
2025-12-09 02:32:46 +01:00 · 2021-04-22 10:55:46 -04:00
parent 3d65135993 a41c40ccbb
commit ee48bb9b2a
1 changed files with 28 additions and 0 deletions
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -475,6 +475,34 @@ up_2.3.3X_to_2.3.50_repo() {
 }

 up_2.3.3X_to_2.3.50() {
+  
+  cat <<EOF > /tmp/supersed.txt
+/so-zeek:/ {
+  p;
+  n;
+  /shards:/ {
+    p;
+    n;
+    /warm:/ {
+      p;
+      n;
+      /close:/ {
+        s/close: 365/close: 45/;
+        p;
+        n;
+        /delete:/ {
+          s/delete: 45/delete: 365/;
+          p;
+          d;
+        }
+      }
+    }
+  }
+}
+p;
+EOF
+  sed -n -i -f /tmp/supersed.txt /opt/so/saltstack/local/global.sls
+  rm /tmp/supersed.txt
  INSTALLEDVERSION=2.3.50
 }