set transport for ssl.established:false logs

Merge pull request #16008 from Security-Onion-Solutions/jertel/wip
support multiple capinfos versions
2026-06-26 20:28:09 +02:00 · 2026-06-25 14:18:43 -04:00 · 2026-06-25 10:19:56 -04:00 · 2026-06-24 13:41:53 -04:00 · 2026-06-23 16:07:30 -04:00
2 changed files with 7 additions and 3 deletions
@@ -5,6 +5,7 @@
    { "remove":   { "field": ["host"],     "ignore_failure": true } },
    { "json":             { "field": "message",                 "target_field": "message2",             "ignore_failure": true  } },
    { "rename":         { "field": "message2.version",          "target_field": "ssl.version",          "ignore_missing": true  } },
+    { "set":      { "description": "Set transport for the community_id processor", "if": "ctx.ssl?.version == null || !ctx.ssl.version.startsWith('DTLS')", "field": "network.transport", "value": "tcp", "ignore_failure": true } },
    { "rename":         { "field": "message2.cipher",           "target_field": "ssl.cipher",           "ignore_missing": true  } },
    { "rename":         { "field": "message2.curve",            "target_field": "ssl.curve",            "ignore_missing": true  } },
    { "rename":         { "field": "message2.server_name",      "target_field": "ssl.server_name",              "ignore_missing": true  } },
@@ -9,14 +9,17 @@
 # Make sure you are root before doing anything
 uid="$(id -u)"
 if [ "$uid" -ne 0 ]; then
-	echo "This script must be run using sudo!"
-	fail_setup
+	echo "This script must be run using sudo!" >&2
+	exit 1
 fi

 # Save the original argument array since we modify it
 original_args=("$@")

-cd "$(dirname "$0")" || fail_setup
+cd "$(dirname "$0")" || {
+	echo "Unable to change to setup directory" >&2
+	exit 1
+}

 echo "Getting started..."
Author	SHA1	Message	Date
Josh Brower	d0edfd2131	set transport for ssl.established:false logs	2026-06-25 14:18:43 -04:00
Jason Ertel	30312b93a6	Merge pull request #16008 from Security-Onion-Solutions/jertel/wip support multiple capinfos versions	2026-06-25 10:19:56 -04:00
Dan Marr	4d34470b84	Merge pull request #16005 from triggerman86/triggerman-fix-root_check-so-soup Fix premature fail_setup function call in so-setup	2026-06-24 13:41:53 -04:00
Dan Marr	81ebea0451	Fix non-root exit checks at start of so-setup	2026-06-23 16:07:30 -04:00