Directory Structure¶

/opt/so/conf¶

Applications read their configuration from /opt/so/conf/. However, please keep in mind that most config files are managed with Salt, so if you manually modify those config files, your changes may be overwritten at the next Salt update.

/opt/so/log¶

Debug logs are stored in /opt/so/log/.

/opt/so/rules¶

ElastAlert and Suricata rules are stored in /opt/so/rules/.

/opt/so/saltstack/local¶

Custom Salt settings can be added to /opt/so/saltstack/local/.

/nsm¶

The vast majority of data is stored in /nsm/.

/nsm/zeek¶

Zeek writes its protocol logs to /nsm/zeek/.

/nsm/elasticsearch¶

Elasticsearch stores its data in /nsm/elasticsearch/.

/nsm/pcap¶

Stenographer stores full packet capture in /nsm/pcap/.