mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-27 06:57:50 +02:00
Mike Reeves
3ecd19d085
The Telegraf backend selector lived at global.telegraf_output but it is
a Telegraf-scoped setting, not a cross-cutting grid global. Move both
the value and the UI annotation under the telegraf pillar so it shows
up alongside the other Telegraf tuning knobs in the Configuration UI.
- salt/telegraf/defaults.yaml: add telegraf.output: BOTH
- salt/telegraf/soc_telegraf.yaml: add telegraf.output annotation
- salt/global/defaults.yaml: remove global.telegraf_output
- salt/global/soc_global.yaml: remove global.telegraf_output annotation
- salt/vars/globals.map.jinja: drop telegraf_output from GLOBALS
- salt/firewall/map.jinja: read via pillar.get('telegraf:output')
- salt/postgres/telegraf_users.sls: read via pillar.get('telegraf:output')
- salt/telegraf/etc/telegraf.conf: read via TELEGRAFMERGED.output
- salt/postgres/tools/sbin/so-stats-show: update user-facing docs
No behavioral change — default stays BOTH.
64 lines
2.4 KiB
YAML
64 lines
2.4 KiB
YAML
global:
|
|
soversion:
|
|
description: Current version of Security Onion.
|
|
global: True
|
|
readonly: True
|
|
managerip:
|
|
description: The IP address of the grid manager.
|
|
global: True
|
|
advanced: True
|
|
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
|
mdengine:
|
|
description: Which engine to use for meta data generation. Options are ZEEK and SURICATA.
|
|
options:
|
|
- ZEEK
|
|
- SURICATA
|
|
global: True
|
|
pcapengine:
|
|
description: Which engine to use for generating pcap. Currently only SURICATA is supported.
|
|
options:
|
|
- SURICATA
|
|
global: True
|
|
ids:
|
|
description: Which IDS engine to use. Currently only Suricata is supported.
|
|
global: True
|
|
readonly: True
|
|
advanced: True
|
|
url_base:
|
|
description: The base URL for the Security Onion Console. Must be accessible by all nodes in the grid, as well as all analysts. Also used for handling of authentication cookies. Can be an IP address or a hostname/FQDN. Do not include protocol (http/https) or port number.
|
|
global: True
|
|
airgap:
|
|
description: Airgapped systems do not have network connectivity to the internet. This setting represents how this grid was configured during initial setup. While it is technically possible to manually switch systems between airgap and non-airgap, there are some nuances and additional steps involved. For that reason this setting is marked read-only. Contact your support representative for guidance if there is a need to change this setting.
|
|
global: True
|
|
readonly: True
|
|
imagerepo:
|
|
description: Image repo to pull image from.
|
|
global: True
|
|
advanced: True
|
|
pipeline:
|
|
description: Sets which pipeline technology for events to use. The use of Kafka requires a Security Onion Pro license.
|
|
options:
|
|
- REDIS
|
|
- KAFKA
|
|
global: True
|
|
advanced: True
|
|
repo_host:
|
|
description: Specify the host where operating system packages will be served from.
|
|
global: True
|
|
advanced: True
|
|
registry_host:
|
|
description: Specify the host where docker/podman images will be pulled from.
|
|
global: True
|
|
advanced: True
|
|
influxdb_host:
|
|
description: Specify the host where influxdb is hosted.
|
|
global: True
|
|
advanced: True
|
|
endgamehost:
|
|
description: Allows use of Endgame with Security Onion. This feature requires a license from Endgame.
|
|
global: True
|
|
advanced: True
|
|
helpLink: influxdb
|
|
|