mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-25 18:33:37 +01:00
25 lines
1.3 KiB
Django/Jinja
25 lines
1.3 KiB
Django/Jinja
{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
|
or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
|
https://securityonion.net/license; you may not use this file except in compliance with the
|
|
Elastic License 2.0. #}
|
|
|
|
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
|
{% import_yaml 'telegraf/defaults.yaml' as TELEGRAFDEFAULTS %}
|
|
{% set TELEGRAFMERGED = salt['pillar.get']('telegraf', TELEGRAFDEFAULTS.telegraf, merge=True) %}
|
|
|
|
{% if GLOBALS.role in ['so-eval', 'so-standalone', 'so-sensor', 'so-heavynode'] %}
|
|
{% from 'zeek/config.map.jinja' import ZEEKMERGED %}
|
|
{# if the md engine isn't zeek or zeek is disabled, dont run the zeek scripts for telegraf #}
|
|
{% if GLOBALS.md_engine != 'ZEEK' or not ZEEKMERGED.enabled %}
|
|
{% do TELEGRAFMERGED.scripts[GLOBALS.role.split('-')[1]].remove('zeekloss.sh') %}
|
|
{% do TELEGRAFMERGED.scripts[GLOBALS.role.split('-')[1]].remove('zeekcaptureloss.sh') %}
|
|
{% endif %}
|
|
|
|
{% from 'pcap/config.map.jinja' import PCAPMERGED %}
|
|
{# PCAPMERGED.enabled is set false in soc ui or if suricata is the pcap engine #}
|
|
{% if not PCAPMERGED.enabled %}
|
|
{% do TELEGRAFMERGED.scripts[GLOBALS.role.split('-')[1]].remove('stenoloss.sh') %}
|
|
{% endif %}
|
|
|
|
{% endif %}
|