CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-26 22:47:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

add pcap to import node, test not starting zeek docker by default

Browse Source
This commit is contained in:
m0duspwnens
2020-08-14 13:59:23 -04:00
parent fbbec71165
commit ff84640aad
5 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/top.sls
+1
View File
@@ -399,6 +399,7 @@ base:
- firewall
- idstools
- suricata.manager
- pcap
- elasticsearch
- kibana
- filebeat
salt/zeek/init.sls
+3
View File
@@ -1,3 +1,5 @@
{% from "zeek/map.jinja" import START with context %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %}
@@ -167,6 +169,7 @@ localzeeksync:
so-zeek:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}
- start: {{ START }}
- privileged: True
- binds:
- /nsm/zeek/logs:/nsm/zeek/logs:rw
salt/zeek/map.jinja
+6
View File
@@ -0,0 +1,6 @@
# don't start the docker container if it is an import node
{% if grains.id.split('_')|last == 'import' %}
{% set START = False %}
{% else %}
{% set START = True %}
{% endif %}