Directory Structure
/opt/so/conf
Applications read their configuration from /opt/so/conf/. However, most of these config files are managed with Salt, so any manual changes you make to them may be overwritten at the next Salt update.
/opt/so/log
Debug logs are stored in /opt/so/log/.
/opt/so/rules
ElastAlert 2 and Suricata rules are stored in /opt/so/rules/.
/opt/so/saltstack/local
Custom Salt settings can be added to /opt/so/saltstack/local/.
/nsm
The vast majority of data is stored in /nsm/.
/nsm/zeek
Zeek writes its protocol logs to /nsm/zeek/.
/nsm/elasticsearch
Elasticsearch stores its data in /nsm/elasticsearch/.
/nsm/pcap
Stenographer stores full packet capture in /nsm/pcap/.
/nsm/suripcap
Suricata stores full packet capture in /nsm/suripcap/.