Replies: 3 comments
soversion: 2.3.1
There is no automated process that touches global.sls. The only time this would be modified would be when running soup and only specific values get updated such as soversion. Do the wazuh logs give any clues?
It's getting touched regularly by something. It happens every 15 mins:

#ls -ltr
date
Mon Oct 26 14:41:59 UTC 2020
pwd
/opt/so/saltstack/local/pillar
#ls -ltr
-rw-r--r--. 1 socore socore 2465 Oct 26 14:43 global.sls

Here is the /var/ossec/logs/ossec.log from today:
2020/10/26 09:10:18 wazuh-modulesd:syscollector: INFO: Evaluation finished.

/nsm/wazuh/logs/ossec.log:
2020/10/26 00:00:10 ossec-monitord: INFO: Starting new log after rotation.
Some automated process ran this morning and removed all my bpf filters in /opt/so/saltstack/local/pillar/global.sls. Suricata, zeek and steno all seem to still have the bpf settings, but the global.sls has a new time stamp and the suricata, zeek and steno sections are gone. I cannot seem to find what caused this in the logs. Any ideas why this would happen?