mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-05-10 13:20:30 +02:00
acc9b8062e
Removes all Strelka container salt states and infrastructure references, replaced by the native fileanalyze module in sensoroni.

Removed:
- salt/strelka/ directory (all container states, configs, tools)
- Docker container definitions for 6 Strelka containers
- Firewall rules for strelka_frontend
- Container references in containers.map.jinja
- top.sls and allowed_states references to strelka/strelka.manager
- so-minion add_strelka_to_minion() function and call sites
- so-deny strelka_frontend entry
- Logstash strelka bind mount
- Logrotate strelka config
- Telegraf strelka file monitoring
- so-sensor-clean strelka cleanup
- so-image-common strelka container images

Kept (still needed):
- Elasticsearch index/ingest pipeline (ingests fileanalyze output)
- Elastic agent/fleet log collection config
- SOC strelkaengine (YARA rule management)
- Kibana saved objects (dashboards)
249 lines
4.8 KiB
YAML
# Default logrotate policy map. Each key under `config` is a log path (glob)
# and its list holds the logrotate directives applied to matching files.
#
# NOTE(review): `_x_` in the keys presumably stands in for a literal "." (the
# paired `extension .log` / `extension .ndjson` directives point that way);
# confirm against the template that renders this map into the logrotate config.
#
# Directives shared by most entries:
#   daily + rotate 14   keep 14 daily rotations on disk; older ones are deleted
#   missingok           no error when the log does not exist on this node
#   copytruncate        copy the live file, then truncate it in place so the
#                       writer keeps its open handle
#   compress            compress rotated files
#   create              has no effect while copytruncate is set (logrotate(8))
#   extension, dateext, dateyesterday
#                       date-suffixed rotations (previous day's date) that keep
#                       the named extension
#
# Points to check when these logs serve as an audit trail:
#   - copytruncate leaves a short window between the copy and the truncate in
#     which newly written lines can be lost. For authentication, management
#     and detection logs, confirm that loss is acceptable or that the events
#     are also collected elsewhere.
#   - 14 daily rotations is the only on-disk retention defined here; anything
#     needed for longer must be shipped off the node before it ages out.
#   - No ownership or mode is given to `create`, and it is inert under
#     copytruncate anyway, so file permissions stay whatever the writing
#     service set. Verify them on the deployed node.
logrotate:
  config:
    /opt/so/log/nginx/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/soc/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/kratos/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/hydra/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/kibana/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/influxdb/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/elastalert/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/soctopus/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    # Narrower glob than its neighbours: only files with "indices-delete" in
    # the name are rotated from this directory by this map.
    /opt/so/log/elasticsearch/*indices-delete*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/elasticagent/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/elasticagent/*_x_ndjson:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .ndjson
      - dateext
      - dateyesterday
    /opt/so/log/elasticfleet/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/elasticfleet/*_x_ndjson:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .ndjson
      - dateext
      - dateyesterday
    /opt/so/log/suricata/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/mysql/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/telegraf/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/redis/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/sensoroni/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    # The three salt paths below name single files without a `_x_log` suffix,
    # yet still carry `extension .log`.
    # NOTE(review): confirm the rotated file names come out as intended.
    /opt/so/log/salt/so-salt-minion-check:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/salt/minion:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    /opt/so/log/salt/master:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    # The only entry outside /opt/so/log.
    /nsm/idh/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
    # The only entry with `su`: rotation for this path runs as user root,
    # group socore.
    # NOTE(review): presumably needed because the directory is writable by a
    # non-root group, which logrotate otherwise refuses to rotate in. Confirm
    # the directory's ownership and mode on a deployed node.
    /opt/so/log/playbook/*_x_log:
      - daily
      - rotate 14
      - missingok
      - copytruncate
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday
      - su root socore
    # Short-lived housekeeping log: two uncompressed rotations, no
    # copytruncate, so `create` is active here. `sharedscripts` only matters
    # with prerotate/postrotate scripts, and none are defined in this map.
    /opt/so/log/sensor_clean_x_log:
      - daily
      - rotate 2
      - missingok
      - nocompress
      - create
      - sharedscripts
    # No copytruncate here: the live file is renamed and `create` makes a new
    # one.
    # NOTE(review): confirm the writer reopens its log after rotation.
    /opt/so/log/agents/agent-monitor*_x_log:
      - daily
      - rotate 14
      - missingok
      - compress
      - create
      - extension .log
      - dateext
      - dateyesterday