From 1ac3a2d2f1436d4dfb7c27d9902ed7edc55f6919 Mon Sep 17 00:00:00 2001 
From: Wes
Date: Thu, 7 Dec 2023 13:51:24 +0000
Subject: [PATCH] Remove delete files and allow deletion of indices managed by ILM
---
salt/curator/files/action/delete.yml | 1 +
.../logs-elastic_agent-default-delete.yaml | 27 -------------------
...elastic_agent-filebeat-default-delete.yaml | 27 -------------------
...tic_agent-fleet_server-default-delete.yaml | 27 -------------------
...astic_agent-metricbeat-default-delete.yaml | 27 -------------------
...stic_agent-osquerybeat-default-delete.yaml | 27 -------------------
...logs-elastic_agent-osquerybeat-delete.yaml | 27 -------------------
.../files/action/logs-import-so-delete.yml | 27 -------------------
.../files/action/logs-strelka-so-delete.yml | 27 -------------------
.../files/action/logs-suricata-so-delete.yml | 27 -------------------
.../files/action/logs-syslog-so-delete.yml | 27 -------------------
...ogs-system-application-default-delete.yaml | 27 -------------------
.../logs-system-auth-default-delete.yaml | 27 -------------------
.../logs-system-security-default-delete.yaml | 27 -------------------
.../logs-system-syslog-default-delete.yaml | 27 -------------------
.../logs-system-system-default-delete.yaml | 27 -------------------
...ogs-windows-powershell-default-delete.yaml | 27 -------------------
...ows-sysmon_operational-default-delete.yaml | 27 -------------------
.../files/action/logs-zeek-so-delete.yml | 27 -------------------
19 files changed, 1 insertion(+), 486 deletions(-)
delete mode 100644 salt/curator/files/action/logs-elastic_agent-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-elastic_agent-filebeat-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-elastic_agent-fleet_server-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-elastic_agent-metricbeat-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-elastic_agent-osquerybeat-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-elastic_agent-osquerybeat-delete.yaml
delete mode 100644 salt/curator/files/action/logs-import-so-delete.yml
delete mode 100644 salt/curator/files/action/logs-strelka-so-delete.yml
delete mode 100644 salt/curator/files/action/logs-suricata-so-delete.yml
delete mode 100644 salt/curator/files/action/logs-syslog-so-delete.yml
delete mode 100644 salt/curator/files/action/logs-system-application-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-system-auth-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-system-security-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-system-syslog-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-system-system-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-windows-powershell-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-windows-sysmon_operational-default-delete.yaml
delete mode 100644 salt/curator/files/action/logs-zeek-so-delete.yml
diff --git a/salt/curator/files/action/delete.yml b/salt/curator/files/action/delete.yml
index c81a9e548..253c6fd67 100644
--- a/salt/curator/files/action/delete.yml
+++ b/salt/curator/files/action/delete.yml
@@ -15,6 +15,7 @@ actions:
 description: >-
 Delete indices when {{log_size_limit}}(GB) is exceeded.
 options:
+ allow_ilm_indices: True
 ignore_empty_list: True
 disable_action: False
 filters:
diff --git a/salt/curator/files/action/logs-elastic_agent-default-delete.yaml b/salt/curator/files/action/logs-elastic_agent-default-delete.yaml
deleted file mode 100644
index dee51c758..000000000
--- a/salt/curator/files/action/logs-elastic_agent-default-delete.yaml
+++ /dev/null
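Review bot: `allow_ilm_indices: True` in the options mapping widens this size-triggered delete_indices action to backing indices that ILM manages, so Curator can now remove an index before its ILM policy would have, and nothing in the file records why that is acceptable now that the per-stream age-based actions are gone. Add the rationale next to the option, e.g. `# ILM-managed .ds-* indices are deliberately eligible: this size cap replaces the removed per-stream age-based delete actions`. The enclosing action starts before the hunk and its `filters:` list continues past it, so whether any remaining filter still narrows what this action may delete (for instance the system and security streams the deleted files matched) cannot be confirmed from here and is worth checking. As a point of style, `True`/`False` are YAML 1.1 spellings; `true`/`false` are the portable form that yamllint's truthy rule expects, though the loader Curator uses appears to accept both.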
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-elastic_agent-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent default indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-elastic_agent-filebeat-default-delete.yaml b/salt/curator/files/action/logs-elastic_agent-filebeat-default-delete.yaml
deleted file mode 100644
index dfa51f260..000000000
--- a/salt/curator/files/action/logs-elastic_agent-filebeat-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-elastic_agent-filebeat-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent Filebeat indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent.filebeat-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-elastic_agent-fleet_server-default-delete.yaml b/salt/curator/files/action/logs-elastic_agent-fleet_server-default-delete.yaml
deleted file mode 100644
index 6fa775ba8..000000000
--- a/salt/curator/files/action/logs-elastic_agent-fleet_server-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-elastic_agent-fleet_server-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete import indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent.fleet_server-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-elastic_agent-metricbeat-default-delete.yaml b/salt/curator/files/action/logs-elastic_agent-metricbeat-default-delete.yaml
deleted file mode 100644
index c69e1130a..000000000
--- a/salt/curator/files/action/logs-elastic_agent-metricbeat-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-elastic_agent-metricbeat-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent Metricbeat indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent.metricbeat-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-elastic_agent-osquerybeat-default-delete.yaml b/salt/curator/files/action/logs-elastic_agent-osquerybeat-default-delete.yaml
deleted file mode 100644
index bce3b7e63..000000000
--- a/salt/curator/files/action/logs-elastic_agent-osquerybeat-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-elastic_agent-osquerybeat-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent Osquerybeat indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-elastic_agent.osquerybeat-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-elastic_agent-osquerybeat-delete.yaml b/salt/curator/files/action/logs-elastic_agent-osquerybeat-delete.yaml
deleted file mode 100644
index b46a5fc73..000000000
--- a/salt/curator/files/action/logs-elastic_agent-osquerybeat-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-import-so'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete import indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-import-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-import-so-delete.yml b/salt/curator/files/action/logs-import-so-delete.yml
deleted file mode 100644
index b46a5fc73..000000000
--- a/salt/curator/files/action/logs-import-so-delete.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-import-so'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete import indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-import-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-strelka-so-delete.yml b/salt/curator/files/action/logs-strelka-so-delete.yml
deleted file mode 100644
index d01bdcc83..000000000
--- a/salt/curator/files/action/logs-strelka-so-delete.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-strelka-so'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Strelka indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-strelka-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-suricata-so-delete.yml b/salt/curator/files/action/logs-suricata-so-delete.yml
deleted file mode 100644
index 765ba1293..000000000
--- a/salt/curator/files/action/logs-suricata-so-delete.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-suricata-so'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Suricata indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-suricata-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-syslog-so-delete.yml b/salt/curator/files/action/logs-syslog-so-delete.yml
deleted file mode 100644
index 274d06711..000000000
--- a/salt/curator/files/action/logs-syslog-so-delete.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-syslog-so'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete syslog indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-syslog-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-system-application-default-delete.yaml b/salt/curator/files/action/logs-system-application-default-delete.yaml
deleted file mode 100644
index b15c06fcb..000000000
--- a/salt/curator/files/action/logs-system-application-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-system-application-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent system application indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.application-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-system-auth-default-delete.yaml b/salt/curator/files/action/logs-system-auth-default-delete.yaml
deleted file mode 100644
index 9a1cc6a9a..000000000
--- a/salt/curator/files/action/logs-system-auth-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-system-auth-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent system auth indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.auth-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-system-security-default-delete.yaml b/salt/curator/files/action/logs-system-security-default-delete.yaml
deleted file mode 100644
index 0bac45aeb..000000000
--- a/salt/curator/files/action/logs-system-security-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-system-security-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent system security indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.security-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-system-syslog-default-delete.yaml b/salt/curator/files/action/logs-system-syslog-default-delete.yaml
deleted file mode 100644
index 1a7d217e9..000000000
--- a/salt/curator/files/action/logs-system-syslog-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-system-syslog-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent system syslog indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.syslog-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-system-system-default-delete.yaml b/salt/curator/files/action/logs-system-system-default-delete.yaml
deleted file mode 100644
index 4701d0492..000000000
--- a/salt/curator/files/action/logs-system-system-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-system-system-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent system system indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-system.system-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-windows-powershell-default-delete.yaml b/salt/curator/files/action/logs-windows-powershell-default-delete.yaml
deleted file mode 100644
index 447f8102b..000000000
--- a/salt/curator/files/action/logs-windows-powershell-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-windows-powershell-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent Windows Powershell indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-windows.powershell-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-windows-sysmon_operational-default-delete.yaml b/salt/curator/files/action/logs-windows-sysmon_operational-default-delete.yaml
deleted file mode 100644
index a1413bc1c..000000000
--- a/salt/curator/files/action/logs-windows-sysmon_operational-default-delete.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-windows-sysmon_operational-default'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Elastic Agent Windows Sysmon operational indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-windows.sysmon_operational-default.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-
diff --git a/salt/curator/files/action/logs-zeek-so-delete.yml b/salt/curator/files/action/logs-zeek-so-delete.yml
deleted file mode 100644
index 5acfc50a7..000000000
--- a/salt/curator/files/action/logs-zeek-so-delete.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set DELETE_DAYS = CURATORMERGED['logs-zeek-so'].delete %}
-actions:
- 1:
- action: delete_indices
- description: >-
- Delete Zeek indices when older than {{ DELETE_DAYS }} days.
- options:
- ignore_empty_list: True
- disable_action: False
- filters:
- - filtertype: pattern
- kind: regex
- value: '^(.ds-logs-zeek-so.*)$'
- - filtertype: age
- source: name
- direction: older
- timestring: '%Y.%m.%d'
- unit: days
- unit_count: {{ DELETE_DAYS }}
- exclude:
-
-