Merge pull request #40 from branchnetconsulting/patch-1

Do not allocate 9200, 9300, or 9600 to snort_agent
Security-Onion-Solutions · Dec 26, 2018 · 8206b3d · 8206b3d
2 parents e1e007f + 84fd406
commit 8206b3d
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/bin/sosetup b/bin/sosetup
@@ -1328,6 +1328,11 @@ for INTERFACE in $ALL_INTERFACES; do
 	# Increment the Barnyard2 port number by 100
 	let BY2PORT=BY2PORT+100
 
+	# Skip over 9200-9600 as Elasticsearch uses 9200 & 9300 and Logstash uses 9600.
+	if [ "$BY2PORT" == "9200" ]; then
+		let BY2PORT=9700
+	fi
+
         # Copy our customized snort.conf (and associated files) into place
         cp /etc/nsm/templates/snort/attribute_table.dtd /etc/nsm/"$SENSORNAME"/ >> $LOG 2>&1
         cp /etc/nsm/templates/snort/snort.conf /etc/nsm/"$SENSORNAME"/ >> $LOG 2>&1