From 9c2f7d574d36f41d5e1b948627747d7f25a15275 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 9 Jul 2020 11:19:02 -0400
Subject: [PATCH] Add ES settings to pillar

---
 .../templates/so/so-beats-template.json | 10 ++++++++++
 .../templates/so/so-firewall-template.json | 10 ++++++++++
 .../templates/so/so-ids-template.json | 10 ++++++++++
 .../templates/so/so-import-template.json | 10 ++++++++++
 .../templates/so/so-osquery-template.json | 10 ++++++++++
 .../templates/so/so-ossec-template.json | 10 ++++++++++
 .../templates/so/so-strelka-template.json | 10 ++++++++++
 .../templates/so/so-syslog-template.json | 10 ++++++++++
 setup/so-functions | 20 ++++++++++++++++++-
 9 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 salt/logstash/pipelines/templates/so/so-beats-template.json
 create mode 100644 salt/logstash/pipelines/templates/so/so-firewall-template.json
 create mode 100644 salt/logstash/pipelines/templates/so/so-ids-template.json
 create mode 100644 salt/logstash/pipelines/templates/so/so-import-template.json
 create mode 100644 salt/logstash/pipelines/templates/so/so-osquery-template.json
 create mode 100644 salt/logstash/pipelines/templates/so/so-ossec-template.json
 create mode 100644 salt/logstash/pipelines/templates/so/so-strelka-template.json
 create mode 100644 salt/logstash/pipelines/templates/so/so-syslog-template.json

diff --git a/salt/logstash/pipelines/templates/so/so-beats-template.json b/salt/logstash/pipelines/templates/so/so-beats-template.json
new file mode 100644
index 000000000..48459bc7a
--- /dev/null
+++ b/salt/logstash/pipelines/templates/so/so-beats-template.json
@@ -0,0 +1,10 @@
+{
+ "index_patterns": ["so-beats-*"],
+ "version":50001,
+ "order" : 11,
+ "settings":{
+ "number_of_replicas":0,
+ "number_of_shards":1,
+ "index.refresh_interval":"30s"
+ }
+}
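Review bot: The shard and replica counts in this template are hard-coded (`"number_of_replicas":0`, `"number_of_shards":1`) while the same commit adds a top-level `replicas` and an `index_settings.so-beats.shards` entry to the pillar, so there are now two independent sources of truth for the same Elasticsearch settings. Unless the Salt state renders this file through Jinja from those pillar keys (not visible here), an operator who changes the pillar will not change what Elasticsearch applies to `so-beats-*`, and the two will silently drift. Either render the settings from the pillar or drop the duplicated pillar keys so that one place owns them.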
diff --git a/salt/logstash/pipelines/templates/so/so-firewall-template.json b/salt/logstash/pipelines/templates/so/so-firewall-template.json
new file mode 100644
index 000000000..61a95c0e7
--- /dev/null
+++ b/salt/logstash/pipelines/templates/so/so-firewall-template.json
@@ -0,0 +1,10 @@
+{
+ "index_patterns": ["so-zeek-*"],
+ "version":50001,
+ "order" : 11,
+ "settings":{
+ "number_of_replicas":0,
+ "number_of_shards":1,
+ "index.refresh_interval":"30s"
+ }
+}
diff --git a/salt/logstash/pipelines/templates/so/so-ids-template.json b/salt/logstash/pipelines/templates/so/so-ids-template.json
new file mode 100644
index 000000000..61a95c0e7
--- /dev/null
+++ b/salt/logstash/pipelines/templates/so/so-ids-template.json
@@ -0,0 +1,10 @@
+{
+ "index_patterns": ["so-zeek-*"],
+ "version":50001,
+ "order" : 11,
+ "settings":{
+ "number_of_replicas":0,
+ "number_of_shards":1,
+ "index.refresh_interval":"30s"
+ }
+}
diff --git a/salt/logstash/pipelines/templates/so/so-import-template.json b/salt/logstash/pipelines/templates/so/so-import-template.json
new file mode 100644
index 000000000..61a95c0e7
--- /dev/null
+++ b/salt/logstash/pipelines/templates/so/so-import-template.json
@@ -0,0 +1,10 @@
+{
+ "index_patterns": ["so-zeek-*"],
+ "version":50001,
+ "order" : 11,
+ "settings":{
+ "number_of_replicas":0,
+ "number_of_shards":1,
+ "index.refresh_interval":"30s"
+ }
+}
diff --git a/salt/logstash/pipelines/templates/so/so-osquery-template.json b/salt/logstash/pipelines/templates/so/so-osquery-template.json
new file mode 100644
index 000000000..61a95c0e7
--- /dev/null
+++ b/salt/logstash/pipelines/templates/so/so-osquery-template.json
@@ -0,0 +1,10 @@
+{
+ "index_patterns": ["so-zeek-*"],
+ "version":50001,
+ "order" : 11,
+ "settings":{
+ "number_of_replicas":0,
+ "number_of_shards":1,
+ "index.refresh_interval":"30s"
+ }
+}
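Review bot: The new so-firewall, so-ids, so-import and so-osquery templates all declare `"index_patterns": ["so-zeek-*"]`, and the `index` headers show the same blob (`61a95c0e7`) for every one of them, so they are byte-identical copies of a zeek template rather than templates for the indices their filenames name. As written, none of them matches `so-firewall-*`, `so-ids-*`, `so-import-*` or `so-osquery-*`, which would leave those indices to whatever other template or Elasticsearch default applies, while four identical order-11 templates compete for the zeek indices instead. Each file needs its own pattern, e.g. `"index_patterns": ["so-firewall-*"],` in so-firewall-template.json and the matching `so-ids-*`, `so-import-*`, `so-osquery-*` values in the others.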
diff --git a/salt/logstash/pipelines/templates/so/so-ossec-template.json b/salt/logstash/pipelines/templates/so/so-ossec-template.json
new file mode 100644
index 000000000..61a95c0e7
--- /dev/null
+++ b/salt/logstash/pipelines/templates/so/so-ossec-template.json
@@ -0,0 +1,10 @@
+{
+ "index_patterns": ["so-zeek-*"],
+ "version":50001,
+ "order" : 11,
+ "settings":{
+ "number_of_replicas":0,
+ "number_of_shards":1,
+ "index.refresh_interval":"30s"
+ }
+}
diff --git a/salt/logstash/pipelines/templates/so/so-strelka-template.json b/salt/logstash/pipelines/templates/so/so-strelka-template.json
new file mode 100644
index 000000000..61a95c0e7
--- /dev/null
+++ b/salt/logstash/pipelines/templates/so/so-strelka-template.json
@@ -0,0 +1,10 @@
+{
+ "index_patterns": ["so-zeek-*"],
+ "version":50001,
+ "order" : 11,
+ "settings":{
+ "number_of_replicas":0,
+ "number_of_shards":1,
+ "index.refresh_interval":"30s"
+ }
+}
diff --git a/salt/logstash/pipelines/templates/so/so-syslog-template.json b/salt/logstash/pipelines/templates/so/so-syslog-template.json
new file mode 100644
index 000000000..61a95c0e7
--- /dev/null
+++ b/salt/logstash/pipelines/templates/so/so-syslog-template.json
@@ -0,0 +1,10 @@
+{
+ "index_patterns": ["so-zeek-*"],
+ "version":50001,
+ "order" : 11,
+ "settings":{
+ "number_of_replicas":0,
+ "number_of_shards":1,
+ "index.refresh_interval":"30s"
+ }
+}
diff --git a/setup/so-functions b/setup/so-functions
index 5bbb319eb..68bd349bd 100755
--- a/setup/so-functions
+++ b/setup/so-functions
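Review bot: The so-ossec, so-strelka and so-syslog templates also carry `"index_patterns": ["so-zeek-*"]` (same blob `61a95c0e7` as the other copies), so the filename and the index the template actually targets disagree in all three. With this content the ossec, strelka and syslog indices get no template from this commit, and the duplicated order-11 zeek templates add nothing but ambiguity about which one Elasticsearch applies. Replace the pattern per file, e.g. `"index_patterns": ["so-ossec-*"],`, `"index_patterns": ["so-strelka-*"],` and `"index_patterns": ["so-syslog-*"],`, and consider a quick check in CI that each `so-*-template.json` pattern matches its own name so this copy-paste cannot recur.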
@@ -1068,10 +1068,28 @@ elasticsearch_pillar() {
 " log_size_limit: $log_size_limit"\
 " cur_close_days: $CURCLOSEDAYS"\
 " route_type: hot"\
+ " replicas: 0"\
+ " true_cluster: False"
+ " true_cluster_name: so"
 " index_settings:"\
+ " so-beats:"\
+ " shards: 1"\
+ " so-firewall:"\
+ " shards: 1"\
+ " so-ids:"\
+ " shards: 1"\
+ " so-import:"\
+ " shards: 1"\
+ " so-osquery:"\
+ " shards: 1"\
+ " so-ossec:"\
+ " shards: 1"\
+ " so-strelka:"\
+ " shards: 1"\
+ " so-syslog:"\
+ " shards: 1"\
 " so-zeek:"\
 " shards: 5"\
- " replicas: 0"\
 "" >> "$pillar_file"
 if [ "$install_type" != 'EVAL' ] && [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'MASTERSEARCH' ] && [ "$install_type" != 'STANDALONE' ]; then
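Review bot: The two added lines `" true_cluster: False"` and `" true_cluster_name: so"` are missing the trailing `\` that every neighbouring argument line carries, so the multi-line command that writes the pillar ends after `true_cluster: False`. Everything before that point is then no longer attached to `>> "$pillar_file"` and goes to stdout, `true_cluster_name: so` is executed as a command of its own, and the entire `index_settings:` block becomes a third command whose only effect is a command-not-found error, leaving the pillar file without any of the ES settings this commit is meant to add. The fix is the two continuations: `" true_cluster: False"\` and `" true_cluster_name: so"\`. The enclosing `elasticsearch_pillar()` starts and ends outside the hunk, so the head of the command is not visible here, but the continuation pattern is consistent across every visible line; a `bash -n` or shellcheck run on setup/so-functions in CI would catch this class of break before it reaches an install.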