mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-16 09:42:11 +02:00
cefbe01333
Introduces global.telegraf_output (INFLUXDB|POSTGRES|BOTH, default BOTH) so Telegraf can write metrics to Postgres alongside or instead of InfluxDB. Each minion authenticates with its own so_telegraf_<minion> role and writes to a matching schema inside a shared so_telegraf database, keeping blast radius per-credential to that minion's data. - Per-minion credentials auto-generated and persisted in postgres/auth.sls - postgres/telegraf_users.sls reconciles roles/schemas on every apply - Firewall opens 5432 only to minion hostgroups when Postgres output is active - Reactor on salt/auth + orch/telegraf_postgres_sync.sls provision new minions automatically on key accept - soup post_to_3.1.0 backfills users for existing minions on upgrade - so-show-stats prints latest CPU/mem/disk/load per minion for sanity checks - so-telegraf-trim + nightly cron prune rows older than postgres.telegraf.retention_days (default 14)
17 lines
379 B
YAML
17 lines
379 B
YAML
postgres:
|
|
enabled: True
|
|
telegraf:
|
|
retention_days: 14
|
|
config:
|
|
listen_addresses: '*'
|
|
port: 5432
|
|
max_connections: 100
|
|
shared_buffers: 256MB
|
|
ssl: 'on'
|
|
ssl_cert_file: '/conf/postgres.crt'
|
|
ssl_key_file: '/conf/postgres.key'
|
|
ssl_ca_file: '/conf/ca.crt'
|
|
log_destination: 'stderr'
|
|
logging_collector: 'off'
|
|
log_min_messages: 'warning'
|