Fix Zeek/Suricata on AWS

2021-01-13 12:05:16 -08:00
parent 02cee91fe3
commit ab9dd9487c
2 changed files with 12 additions and 5 deletions
--- a/Vagrant/logger_bootstrap.sh
+++ b/Vagrant/logger_bootstrap.sh
@@ -377,11 +377,17 @@ install_zeek() {
  crudini --set $NODECFG proxy host localhost

  # Setup $CPUS numbers of Zeek workers
-  crudini --set $NODECFG worker-eth0 type worker
-  crudini --set $NODECFG worker-eth0 host localhost
-  crudini --set $NODECFG worker-eth0 interface eth0
-  crudini --set $NODECFG worker-eth0 lb_method pf_ring
-  crudini --set $NODECFG worker-eth0 lb_procs "$(nproc)"
+  # AWS only has a single interface (eth1), so don't monitor eth0 if we're in AWS
+  if ! curl -s 169.254.169.254 --connect-timeout 2 >/dev/null; then 
+  # TL;DR of ^^^: if you can't reach the AWS metadata service, you're not running in AWS
+  # Therefore, it's ok to add this.
+    crudini --set $NODECFG worker-eth0 type worker
+    crudini --set $NODECFG worker-eth0 host localhost
+    crudini --set $NODECFG worker-eth0 interface eth0
+    crudini --set $NODECFG worker-eth0 lb_method pf_ring
+    crudini --set $NODECFG worker-eth0 lb_procs "$(nproc)"
+  fi
+  
  crudini --set $NODECFG worker-eth1 type worker
  crudini --set $NODECFG worker-eth1 host localhost
  crudini --set $NODECFG worker-eth1 interface eth1