Introduces global.telegraf_output (INFLUXDB|POSTGRES|BOTH, default BOTH)
so Telegraf can write metrics to Postgres alongside or instead of
InfluxDB. Each minion authenticates with its own so_telegraf_<minion>
role and writes to a matching schema inside a shared so_telegraf
database, keeping blast radius per-credential to that minion's data.
- Per-minion credentials auto-generated and persisted in postgres/auth.sls
- postgres/telegraf_users.sls reconciles roles/schemas on every apply
- Firewall opens 5432 only to minion hostgroups when Postgres output is active
- Reactor on salt/auth + orch/telegraf_postgres_sync.sls provision new
minions automatically on key accept
- soup post_to_3.1.0 backfills users for existing minions on upgrade
- so-show-stats prints latest CPU/mem/disk/load per minion for sanity checks
- so-telegraf-trim + nightly cron prune rows older than
postgres.telegraf.retention_days (default 14)
Simplifies salt states, map files, and modules to only support
Oracle Linux 9, removing all Debian/Ubuntu/CentOS/Rocky/AlmaLinux/RHEL
conditional branches.
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
Consolidate version checks to use regex patterns for 2.4.21X and 3.x
versions. Add migrate_pcap_to_suricata to move pcap.enabled to
suricata.pcap.enabled in minion and pcap pillar files during upgrade.
Instead of exiting and requiring the user to rerun the script after
changing pcapengine to SURICATA, let the script continue to the
version check and upgrade.
- Warn users that undeleted Stenographer PCAP data will be inaccessible
and never automatically cleaned up if they switch to SURICATA without
deleting it first
- Require pcapengine to be set to SURICATA before allowing upgrade,
with clear messaging when the user declines to change it
- Skip upgrade if already running Security Onion 3.x.x
- Add interactive prompts to delete Stenographer PCAP data (with double confirmation) and change pcapengine to SURICATA
- Direct users to SOC Configuration UI instead of editing pillar files directly
- Consolidate TRANSITION and STENO cases to reduce repeated code
Mike Reeves
Mike Reeves
Josh Patterson
Jorge Reyes
Doug Burks
Jason Ertel
Jason Ertel
Josh Brower