Merge pull request #9924 from Security-Onion-Solutions/fix/curator_action_file_system_syslog_delete

Fix Elastic Agent system syslog default delete file configuration

salt/curator/files/action/logs-system-auth-default-close.yaml

@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{%- set cur_close_days = CURATORMERGED['logs-system.auth-default'].close %}
+{%- set cur_close_days = CURATORMERGED['logs-system-auth-default'].close %}
 actions:
   1:
     action: close

salt/curator/files/action/logs-system-auth-default-delete.yaml

@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{%- set DELETE_DAYS = CURATORMERGED['logs-system.auth-default'].delete %}
+{%- set DELETE_DAYS = CURATORMERGED['logs-system-auth-default'].delete %}
 actions:
   1:
     action: delete_indices

salt/curator/files/action/logs-system-auth-syslog-close.yaml

@@ -1,27 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{%- set cur_close_days = CURATORMERGED['logs-import-so'].close %}
-actions:
-  1:
-    action: close
-    description: >-
-      Close import indices older than {{cur_close_days}} days.
-    options:
-      delete_aliases: False
-      timeout_override:
-      continue_if_exception: False
-      disable_action: False
-    filters:
-    - filtertype: pattern
-      kind: regex 
-      value: '^(.ds-logs-import-so.*)$'
-    - filtertype: age
-      source: name
-      direction: older
-      timestring: '%Y.%m.%d'
-      unit: days
-      unit_count: {{cur_close_days}}
-      exclude:

salt/curator/files/action/logs-system-syslog-default-close.yaml

@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{%- set cur_close_days = CURATORMERGED['logs-system.syslog-default'].close %}
+{%- set cur_close_days = CURATORMERGED['logs-system-syslog-default'].close %}
 actions:
   1:
     action: close

salt/curator/files/action/logs-system-syslog-default-delete.yaml

@@ -3,19 +3,19 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{%- set DELETE_DAYS = CURATORMERGED['logs-import-so'].delete %}
+{%- set DELETE_DAYS = CURATORMERGED['logs-system-syslog-default'].delete %}
 actions:
   1:
     action: delete_indices
     description: >-
-      Delete import indices when older than {{ DELETE_DAYS }} days.
+      Delete Elastic Agent system syslog indices when older than {{ DELETE_DAYS }} days.
     options:
       ignore_empty_list: True
       disable_action: False
     filters:
     - filtertype: pattern
       kind: regex
-      value: '^(.ds-logs-import-so.*)$'
+      value: '^(.ds-logs-system.syslog-default.*)$'
     - filtertype: age
       source: name
       direction: older