CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
securityonion/salt/suricata/suricata_config.map.jinja
Mike Reeves b4b449aa14 Pull in Suricata changes
2021-02-19 11:01:15 -05:00

70 lines
3.0 KiB
Django/Jinja
Raw Permalink Blame History

{% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %}
{% import_yaml 'suricata/suricata_meta.yaml' as suricata_meta with context %}
{% from 'suricata/afpacket.map.jinja' import afpacket %}
{% set suricata_pillar = salt['pillar.get']('suricata:config', {}) %}
{% set default_evelog_index = [] %}
{% set default_filestore_index = [] %}
{% set surimeta_evelog_index = [] %}
{% set surimeta_filestore_index = [] %}
{% if salt['pillar.get']('sensor:hnsensor') %}
{% load_yaml as homenet %}
HOME_NET: "[{{salt['pillar.get']('sensor:hnsensor')}}]"
{% endload %}
{% else %}
{% load_yaml as homenet %}
HOME_NET: "[{{salt['pillar.get']('global:hnmanager', '')}}]"
{% endload %}
{% endif %}
{% set hardware_header = 15 %}
{% set default_packet_size = salt['grains.filter_by']({
'*_eval': {
'default-packet-size': salt['pillar.get']('sensor:mtu', 1500) + hardware_header,
},
'*_helixsensor': {
'default-packet-size': salt['pillar.get']('sensor:mtu', 9000) + hardware_header,
},
'*': {
'default-packet-size': salt['pillar.get']('sensor:mtu', 1500) + hardware_header,
},
},grain='id') %}
{# Find the index of eve-log so it can be updated later #}
{% for li in suricata_defaults.suricata.config.outputs %}
{% if 'eve-log' in li.keys() %}
{% do default_evelog_index.append(loop.index0) %}
{% endif %}
{% if 'file-store' in li.keys() %}
{% do default_filestore_index.append(loop.index0) %}
{% endif %}
{% endfor %}
{% set default_evelog_index = default_evelog_index[0] %}
{% set default_filestore_index = default_filestore_index[0] %}
{# Find the index of eve-log so it can be grabbed later #}
{% for li in suricata_meta.suricata.config.outputs %}
{% if 'eve-log' in li.keys() %}
{% do surimeta_evelog_index.append(loop.index0) %}
{% endif %}
{% if 'file-store' in li.keys() %}
{% do surimeta_filestore_index.append(loop.index0) %}
{% endif %}
{% endfor %}
{% set surimeta_evelog_index = surimeta_evelog_index[0] %}
{% set surimeta_filestore_index = surimeta_filestore_index[0] %}
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'SURICATA' %}
{% do suricata_defaults.suricata.config.outputs[default_evelog_index]['eve-log'].types.extend(suricata_meta.suricata.config.outputs[surimeta_evelog_index]['eve-log'].types) %}
{% do suricata_defaults.suricata.config.outputs[default_filestore_index]['file-store'].update({'enabled':suricata_meta.suricata.config.outputs[surimeta_filestore_index]['file-store']['enabled']}) %}
{% endif %}
{% do suricata_defaults.suricata.config.update(default_packet_size) %}
{% do suricata_defaults.suricata.config.update(afpacket) %}
{% do suricata_defaults.suricata.config.vars['address-groups'].update(homenet) %}
{% if salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins', {})) %}
{% from 'suricata/threading.map.jinja' import cpu_affinity with context %}
{% do suricata_defaults.suricata.config.threading.update(cpu_affinity) %}
{% endif %}
{% do salt['defaults.merge'](suricata_defaults.suricata.config, suricata_pillar, in_place=True) %}
Reference in New Issue View Git Blame Copy Permalink