CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Only enable curator on Manager in true cluster

Browse Source
This commit is contained in:
Mike Reeves
2021-08-31 16:56:08 -04:00
parent e09aa4e5d4
commit 61ebedc0e9
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/curator/files/action/so-infoblox-warm.yml
View File

@@ -1,4 +1,4 @@
{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-aws:warm', 7) -%}
{%- set WARM_DAYS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:warm', 7) -%}
actions:
1:
action: allocation
@@ -14,7 +14,7 @@ actions:
filters:
- filtertype: pattern
kind: prefix
value: so-aws
value: so-infoblox
- filtertype: age
source: name
direction: older

6
salt/curator/files/action/so-kibana-close.yml
View File

@@ -1,4 +1,4 @@
{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ids:close', 30) -%}
{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-kibana:close', 30) -%}
---
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
@@ -10,7 +10,7 @@ actions:
1:
action: close
description: >-
Close IDS indices older than {{cur_close_days}} days.
Close kibana indices older than {{cur_close_days}} days.
options:
delete_aliases: False
timeout_override:
@@ -19,7 +19,7 @@ actions:
filters:
- filtertype: pattern
kind: regex
value: '^(logstash-ids.*|so-ids.*)$'
value: '^(logstash-kibana.*|so-kibana.*)$'
- filtertype: age
source: name
direction: older

4
salt/curator/init.sls
View File

@@ -207,7 +207,7 @@ so-curatorclusterclose:
so-curatorclusterdelete:
cron.present:
- name: /usr/sbin/so-curator-cluster-delete > /opt/so/log/curator/cron-close.log 2>&1
- name: /usr/sbin/so-curator-cluster-delete > /opt/so/log/curator/cron-delete.log 2>&1
- user: root
- minute: '2'
- hour: '*/1'
@@ -217,7 +217,7 @@ so-curatorclusterdelete:
{% if HOTWARM is sameas true %}
so-curatorclusterwarm:
cron.present:
- name: /usr/sbin/so-curator-cluster-warm > /opt/so/log/curator/cron-close.log 2>&1
- name: /usr/sbin/so-curator-cluster-warm > /opt/so/log/curator/cron-warm.log 2>&1
- user: root
- minute: '2'
- hour: '*/1'