diff --git a/scripts/install.sh b/scripts/install.sh
index c2513ab..9572564 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -162,28 +162,45 @@ update_ossec_conf_macos() {
info_message "Updating $OSSEC_CONF_PATH"
if [[ $ARCH == "arm64" ]]; then
+ # ARM (M1) specific Snort configuration
content_to_add="
-
- snort-full
- /var/log/snort/alert_fast.txt
- "
+
+ snort-full
+ /var/log/snort/alert_fast.txt
+"
+
+ # Check and add Snort config if not present
+ if ! sudo grep -q "$content_to_add" "$OSSEC_CONF_PATH"; then
+ sudo sed -i '' -e "/<\/ossec_config>/i\\
+\\
+\\
+ snort-full\\
+ /var/log/snort/alert_fast.txt\\
+" "$OSSEC_CONF_PATH"
+ success_message "ossec.conf updated on macOS ARM (M1)"
+ else
+ info_message "The content already exists in $OSSEC_CONF_PATH"
+ fi
else
+ # Intel specific Snort configuration
content_to_add="
-
- snort-full
- /usr/local/var/log/snort/alert_fast.txt
- "
- fi
-
- if ! grep -q "$content_to_add" "$OSSEC_CONF_PATH"; then
- maybe_sudo sed -i '' "/<\/ossec_config>/i\\
+
+ snort-full<\/log_format>
+ \/usr\/local\/var\/log\/snort\/alert_fast.txt<\/location>
+<\/localfile>"
+
+ # Check and add Snort config if not present
+ if ! grep -q "$content_to_add" "$OSSEC_CONF_PATH"; then
+ maybe_sudo sed -i '' "/<\/ossec_config>/i\\
$content_to_add" "$OSSEC_CONF_PATH"
- success_message "ossec.conf updated on macOS"
- else
- info_message "The content already exists in $OSSEC_CONF_PATH"
+ success_message "ossec.conf updated on macOS Intel"
+ else
+ info_message "The content already exists in $OSSEC_CONF_PATH"
+ fi
fi
}
+
# Function to start Snort on macOS
start_snort_macos() {
info_message "Starting Snort"
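Review bot: The idempotency check `grep -q "$content_to_add" "$OSSEC_CONF_PATH"` in both branches passes a multi-line string as the pattern, and grep treats each line of a pattern as a separate alternative. A match on any single line (a generic opening tag or an empty line, if that is what the block contains) therefore reports "already exists", the Snort entry is never written, and the agent silently does not ingest Snort alerts. Checking for the one string unique to the block is more reliable, e.g. `grep -qF -- "/var/log/snort/alert_fast.txt" "$OSSEC_CONF_PATH"` on ARM and the same with `/usr/local/var/log/snort/alert_fast.txt` on Intel. The Intel branch also still hands the multi-line `$content_to_add` to `sed ... i\\` without the per-line trailing backslashes the ARM branch now spells out, and ARM calls `sudo` directly where Intel uses `maybe_sudo`; routing both branches through one helper would keep the check, the inserted text and the privilege handling from drifting apart. `update_ossec_conf_macos` begins before this hunk, so whether anything stops `success_message` from printing after a failed `sed` is not visible here.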