ensure max-files is 1 at minimum

Merge pull request #15725 from Security-Onion-Solutions/3/main
License Link to dev
2026-04-09 22:32:35 +02:00 · 2026-04-08 14:59:05 -04:00 · 2026-04-06 10:59:22 -04:00 · 2026-04-06 10:24:04 -04:00 · 2026-04-06 10:12:37 -04:00
2 changed files with 2 additions and 2 deletions
--- a/salt/suricata/map.jinja
+++ b/salt/suricata/map.jinja
@@ -33,7 +33,7 @@
 {%   do SURICATAMERGED.config.outputs['pcap-log'].update({'conditional': SURICATAMERGED.pcap.conditional}) %}
 {%   do SURICATAMERGED.config.outputs['pcap-log'].update({'dir': SURICATAMERGED.pcap.dir}) %}
 {#   multiply maxsize by 1000 since it is saved in GB, i.e. 52 = 52000MB. filesize is also saved in MB and we strip the MB and convert to int #}
-{%   set maxfiles = (SURICATAMERGED.pcap.maxsize * 1000 / (SURICATAMERGED.pcap.filesize[:-2] | int) / SURICATAMERGED.config['af-packet'].threads | int) | round | int %}
+{%   set maxfiles = ([1, (SURICATAMERGED.pcap.maxsize * 1000 / (SURICATAMERGED.pcap.filesize[:-2] | int) / SURICATAMERGED.config['af-packet'].threads | int) | round(0, 'ceil') | int] | max) %}
 {%   do SURICATAMERGED.config.outputs['pcap-log'].update({'max-files': maxfiles}) %}
 {% endif %}

--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -5,7 +5,7 @@ zeek:
    helpLink: zeek
  ja4plus:
    enabled:
-      description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license  [https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4](https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4)."
+      description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license  [https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE](https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE)."
      forcedType: bool
      helpLink: zeek
      advanced: False
Author	SHA1	Message	Date
Josh Patterson	2166bb749a	ensure max-files is 1 at minimum	2026-04-08 14:59:05 -04:00
Mike Reeves	88de246ce3	Merge pull request #15725 from Security-Onion-Solutions/3/main License Link to dev	2026-04-06 10:59:22 -04:00
Mike Reeves	3643b57167	Merge pull request #15724 from Security-Onion-Solutions/TOoSmOotH-patch-2 Fix JA4+ license link in soc_zeek.yaml	2026-04-06 10:24:04 -04:00
Mike Reeves	5b3ca98b80	Fix JA4+ license link in soc_zeek.yaml Updated the license link in the JA4+ fingerprinting description.	2026-04-06 10:12:37 -04:00