Merge pull request #11907 from Security-Onion-Solutions/fix/curator_close

Curator close fixes
2025-12-06 17:22:49 +01:00 · 2023-11-30 11:05:49 -05:00
parent 317b6cb614 a605c5c62c
commit 32b03f514e
43 changed files with 49 additions and 8 deletions
--- a/salt/curator/files/action/delete.yml
+++ b/salt/curator/files/action/delete.yml
@@ -15,6 +15,7 @@ actions:
    description: >-
      Delete indices when {{log_size_limit}}(GB) is exceeded.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/logs-import-so-close.yml
+++ b/salt/curator/files/action/logs-import-so-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close import indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/logs-import-so-delete.yml
+++ b/salt/curator/files/action/logs-import-so-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete import indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/logs-strelka-so-close.yml
+++ b/salt/curator/files/action/logs-strelka-so-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close Strelka indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/logs-strelka-so-delete.yml
+++ b/salt/curator/files/action/logs-strelka-so-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete Strelka indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/logs-suricata-so-close.yml
+++ b/salt/curator/files/action/logs-suricata-so-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close Suricata indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/logs-suricata-so-delete.yml
+++ b/salt/curator/files/action/logs-suricata-so-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete Suricata indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/logs-syslog-so-close.yml
+++ b/salt/curator/files/action/logs-syslog-so-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close syslog indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/logs-syslog-so-delete.yml
+++ b/salt/curator/files/action/logs-syslog-so-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete syslog indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/logs-zeek-so-close.yml
+++ b/salt/curator/files/action/logs-zeek-so-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close Zeek indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/logs-zeek-so-delete.yml
+++ b/salt/curator/files/action/logs-zeek-so-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete Zeek indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-beats-close.yml
+++ b/salt/curator/files/action/so-beats-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close Beats indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-beats-delete.yml
+++ b/salt/curator/files/action/so-beats-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete beats indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-elasticsearch-close.yml
+++ b/salt/curator/files/action/so-elasticsearch-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close elasticsearch indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-elasticsearch-delete.yml
+++ b/salt/curator/files/action/so-elasticsearch-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete elasticsearch indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-firewall-close.yml
+++ b/salt/curator/files/action/so-firewall-close.yml
@@ -11,6 +11,7 @@ actions:
    description: >-
      Close Firewall indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-firewall-delete.yml
+++ b/salt/curator/files/action/so-firewall-delete.yml
@@ -11,6 +11,7 @@ actions:
    description: >-
      Delete firewall indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-ids-close.yml
+++ b/salt/curator/files/action/so-ids-close.yml
@@ -11,6 +11,7 @@ actions:
    description: >-
      Close IDS indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-ids-delete.yml
+++ b/salt/curator/files/action/so-ids-delete.yml
@@ -11,6 +11,7 @@ actions:
    description: >-
      Delete IDS indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-import-close.yml
+++ b/salt/curator/files/action/so-import-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close Import indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-import-delete.yml
+++ b/salt/curator/files/action/so-import-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete import indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-kibana-close.yml
+++ b/salt/curator/files/action/so-kibana-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close kibana indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-kibana-delete.yml
+++ b/salt/curator/files/action/so-kibana-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete kibana indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-kratos-close.yml
+++ b/salt/curator/files/action/so-kratos-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close kratos indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-kratos-delete.yml
+++ b/salt/curator/files/action/so-kratos-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete kratos indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-logstash-close.yml
+++ b/salt/curator/files/action/so-logstash-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close logstash indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-logstash-delete.yml
+++ b/salt/curator/files/action/so-logstash-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete logstash indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-netflow-close.yml
+++ b/salt/curator/files/action/so-netflow-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close netflow indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-netflow-delete.yml
+++ b/salt/curator/files/action/so-netflow-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete netflow indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-osquery-close.yml
+++ b/salt/curator/files/action/so-osquery-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close osquery indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-osquery-delete.yml
+++ b/salt/curator/files/action/so-osquery-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete import indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-ossec-close.yml
+++ b/salt/curator/files/action/so-ossec-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close ossec indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-ossec-delete.yml
+++ b/salt/curator/files/action/so-ossec-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete ossec indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-redis-close.yml
+++ b/salt/curator/files/action/so-redis-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close redis indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-redis-delete.yml
+++ b/salt/curator/files/action/so-redis-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete redis indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-strelka-close.yml
+++ b/salt/curator/files/action/so-strelka-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close Strelka indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-strelka-delete.yml
+++ b/salt/curator/files/action/so-strelka-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete Strelka indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-syslog-close.yml
+++ b/salt/curator/files/action/so-syslog-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close syslog indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-syslog-delete.yml
+++ b/salt/curator/files/action/so-syslog-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete syslog indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/files/action/so-zeek-close.yml
+++ b/salt/curator/files/action/so-zeek-close.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Close Zeek indices older than {{cur_close_days}} days.
    options:
+      allow_ilm_indices: True
      delete_aliases: False
      timeout_override:
      ignore_empty_list: True
--- a/salt/curator/files/action/so-zeek-delete.yml
+++ b/salt/curator/files/action/so-zeek-delete.yml
@@ -10,6 +10,7 @@ actions:
    description: >-
      Delete Zeek indices when older than {{ DELETE_DAYS }} days.
    options:
+      allow_ilm_indices: True
      ignore_empty_list: True
      disable_action: False
    filters:
--- a/salt/curator/tools/sbin/so-curator-close
+++ b/salt/curator/tools/sbin/so-curator-close
@@ -26,7 +26,7 @@ docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/cur
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; 
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1;
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-import-so-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-strelka-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-suricata-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-syslog-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-zeek-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-strelka-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-suricata-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-syslog-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-zeek-so-close.yml > /dev/null 2>&1;
--- a/salt/curator/tools/sbin/so-curator-cluster-close
+++ b/salt/curator/tools/sbin/so-curator-cluster-close
@@ -24,7 +24,7 @@ docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/cur
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; 
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1;
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-import-so-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-strelka-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-suricata-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-syslog-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-zeek-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-strelka-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-suricata-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-syslog-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-zeek-so-close.yml > /dev/null 2>&1;