CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15009 from Security-Onion-Solutions/reyesj2/ea-alerter

Browse Source 
so-elastic-agent-monitor
This commit is contained in:
Jorge Reyes
2025-09-09 17:00:39 -05:00
committed by GitHub
parent d9e86c15bc 29980ea958
commit 0aa556e375
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticfleet/files/integrations/grid-nodes_general/elastic-agent-monitor.json
View File

@@ -19,7 +19,7 @@
"enabled": true, "enabled": true,
"vars": { "vars": {
"paths": [ "paths": [
"/opt/so/log/agents/agent-monitor-*.log" "/opt/so/log/agents/agent-monitor.log"
], ],
"data_stream.dataset": "agent-monitor", "data_stream.dataset": "agent-monitor",
"pipeline": "elasticagent.monitor", "pipeline": "elasticagent.monitor",

5
salt/manager/tools/sbin_jinja/so-elastic-agent-monitor
View File

@@ -145,6 +145,11 @@ main() {
offline_hours=$(calculate_offline_hours "$last_checkin") offline_hours=$(calculate_offline_hours "$last_checkin")
if [ "$offline_hours" -lt "$OFFLINE_THRESHOLD_HOURS" ]; then
log_message "INFO" "${agent_hostname^^} has been offline for ${offline_hours}h (threshold: ${OFFLINE_THRESHOLD_HOURS}h). Not logging ${agent_status^^} agent until it reaches threshold"
continue
fi
log_entry=$(echo 'null' | jq -c \ log_entry=$(echo 'null' | jq -c \
--arg ts "$current_timestamp" \ --arg ts "$current_timestamp" \
--arg id "$agent_id" \ --arg id "$agent_id" \