mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-05-11 05:40:32 +02:00
Mike Reeves
9fe53d9ccc
High-cardinality inputs (docker, procstat, kafka) trigger ALTER TABLE ADD COLUMN on every new field name, and with all minions writing into a shared 'telegraf' schema the metric tables hit Postgres's 1600-column per-table ceiling quickly. Setting fields_as_jsonb and tags_as_jsonb on the postgresql output keeps metric tables fixed at (time, tag_id, fields jsonb) and tag tables at (tag_id, tags jsonb). - so-stats-show rewritten to use JSONB accessors ((fields->>'x')::numeric, tags->>'host', etc.) and cast memory/disk sizes to bigint so pg_size_pretty works - Drop regex/regexFailureMessage from telegraf_output SOC UI entry to match the convention upstream used when removing them from mdengine/pcapengine/pipeline; options: list drives validation
72 lines
2.7 KiB
YAML
72 lines
2.7 KiB
YAML
global:
|
|
soversion:
|
|
description: Current version of Security Onion.
|
|
global: True
|
|
readonly: True
|
|
managerip:
|
|
description: The IP address of the grid manager.
|
|
global: True
|
|
advanced: True
|
|
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
|
mdengine:
|
|
description: Which engine to use for meta data generation. Options are ZEEK and SURICATA.
|
|
options:
|
|
- ZEEK
|
|
- SURICATA
|
|
global: True
|
|
pcapengine:
|
|
description: Which engine to use for generating pcap. Currently only SURICATA is supported.
|
|
options:
|
|
- SURICATA
|
|
global: True
|
|
ids:
|
|
description: Which IDS engine to use. Currently only Suricata is supported.
|
|
global: True
|
|
readonly: True
|
|
advanced: True
|
|
url_base:
|
|
description: The base URL for the Security Onion Console. Must be accessible by all nodes in the grid, as well as all analysts. Also used for handling of authentication cookies. Can be an IP address or a hostname/FQDN. Do not include protocol (http/https) or port number.
|
|
global: True
|
|
airgap:
|
|
description: Airgapped systems do not have network connectivity to the internet. This setting represents how this grid was configured during initial setup. While it is technically possible to manually switch systems between airgap and non-airgap, there are some nuances and additional steps involved. For that reason this setting is marked read-only. Contact your support representative for guidance if there is a need to change this setting.
|
|
global: True
|
|
readonly: True
|
|
imagerepo:
|
|
description: Image repo to pull image from.
|
|
global: True
|
|
advanced: True
|
|
pipeline:
|
|
description: Sets which pipeline technology for events to use. The use of Kafka requires a Security Onion Pro license.
|
|
options:
|
|
- REDIS
|
|
- KAFKA
|
|
global: True
|
|
advanced: True
|
|
repo_host:
|
|
description: Specify the host where operating system packages will be served from.
|
|
global: True
|
|
advanced: True
|
|
registry_host:
|
|
description: Specify the host where docker/podman images will be pulled from.
|
|
global: True
|
|
advanced: True
|
|
influxdb_host:
|
|
description: Specify the host where influxdb is hosted.
|
|
global: True
|
|
advanced: True
|
|
endgamehost:
|
|
description: Allows use of Endgame with Security Onion. This feature requires a license from Endgame.
|
|
global: True
|
|
advanced: True
|
|
telegraf_output:
|
|
description: Selects the backend(s) Telegraf writes metrics to. INFLUXDB keeps the current behavior; POSTGRES writes to the grid's Postgres instance; BOTH dual-writes for migration validation.
|
|
options:
|
|
- INFLUXDB
|
|
- POSTGRES
|
|
- BOTH
|
|
global: True
|
|
advanced: True
|
|
helpLink: influxdb
|
|
|