From f52da4a93368742ccac6d45f34f87bb2d0b3e5d7 Mon Sep 17 00:00:00 2001
From: Wes
Date: Thu, 7 Dec 2023 13:58:39 +0000
Subject: [PATCH] Remove close settings and cron
---
 salt/curator/defaults.yaml | 51 ---------------------------------
 salt/curator/enabled.sls | 9 +-----
 salt/curator/soc_curator.yaml | 53 +----------------------------------
 3 files changed, 2 insertions(+), 111 deletions(-)
diff --git a/salt/curator/defaults.yaml b/salt/curator/defaults.yaml
index eb518264f..0109197fc 100644
--- a/salt/curator/defaults.yaml
+++ b/salt/curator/defaults.yaml
@@ -2,57 +2,6 @@ curator:
 enabled: False
 elasticsearch:
 index_settings:
- logs-import-so:
- close: 73000
- delete: 73001
- logs-strelka-so:
- close: 30
- delete: 365
- logs-suricata-so:
- close: 30
- delete: 365
- logs-syslog-so:
- close: 30
- delete: 365
- logs-zeek-so:
- close: 30
- delete: 365
- logs-elastic_agent-metricbeat-default:
- close: 30
- delete: 365
- logs-elastic_agent-osquerybeat-default:
- close: 30
- delete: 365
- logs-elastic_agent-fleet_server-default:
- close: 30
- delete: 365
- logs-elastic_agent-filebeat-default:
- close: 30
- delete: 365
- logs-elastic_agent-default:
- close: 30
- delete: 365
- logs-system-auth-default:
- close: 30
- delete: 365
- logs-system-application-default:
- close: 30
- delete: 365
- logs-system-security-default:
- close: 30
- delete: 365
- logs-system-system-default:
- close: 30
- delete: 365
- logs-system-syslog-default:
- close: 30
- delete: 365
- logs-windows-powershell-default:
- close: 30
- delete: 365
- logs-windows-sysmon_operational-default:
- close: 30
- delete: 365
 so-beats:
 close: 30
 delete: 365
diff --git a/salt/curator/enabled.sls b/salt/curator/enabled.sls
index b2574569f..916aa920d 100644
--- a/salt/curator/enabled.sls
+++ b/salt/curator/enabled.sls
@@ -58,15 +58,8 @@ delete_so-curator_so-status.disabled:
 - regex: ^so-curator$
 so-curator-cluster-close:
- cron.present:
- - name: /usr/sbin/so-curator-cluster-close > /opt/so/log/curator/cron-close.log 2>&1
+ cron.absent:
 - identifier: so-curator-cluster-close
- - user: root
- - minute: '2'
- - hour: '*/1'
- - daymonth: '*'
- - month: '*'
- - dayweek: '*'
 so-curator-cluster-delete:
 cron.present:
diff --git a/salt/curator/soc_curator.yaml b/salt/curator/soc_curator.yaml
index 5e5b1fcc6..a2b9ad32e 100644
--- a/salt/curator/soc_curator.yaml
+++ b/salt/curator/soc_curator.yaml
@@ -4,7 +4,7 @@ curator:
 helpLink: curator.html
 elasticsearch:
 index_settings:
- logs-import-so:
+ so-beats:
 close: &close
 description: Age, in days, when Curator closes the index.
 helpLink: curator.html
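Review bot: The new `cron.absent` state for `so-curator-cluster-close` drops `- user: root` and relies on Salt's default user to locate the crontab the old entry was written to; keeping `- user: root` beside `- identifier: so-curator-cluster-close` would make the cleanup target explicit and survive a change of defaults. A short comment above the state, for example `# Removes the close cron installed by earlier versions; nothing is scheduled here anymore`, would tell the next reader why an absent-only state is kept. The `so-beats` context in `defaults.yaml` still carries `close: 30`, so it is worth confirming whether anything still consumes the remaining `close` values or whether they are now inert, since index retention for investigations then depends on `delete` alone; this cannot be determined from the patch.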
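Review bot: The `&close` anchor is now defined under `so-beats` only because that entry became the first key of `index_settings`, so every later `*close` alias silently depends on `so-beats` staying first and staying present, which is the same coupling this commit had to work around when `logs-import-so` was removed. A comment on the entry such as `# Anchor definitions live here: keep this entry first, later indices alias *close / *delete` would document that constraint. The description `Age, in days, when Curator closes the index.` is kept while the close cron is removed in `enabled.sls`, so if closing no longer runs the setting shown to operators may be misleading. The mapping starts before this hunk and the matching `&delete` definition presumably sits between this hunk and the next, outside the visible lines.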
@@ -13,57 +13,6 @@ curator:
 description: Age, in days, when Curator deletes the index.
 helpLink: curator.html
 forcedType: int
- logs-strelka-so:
- close: *close
- delete: *delete
- logs-suricata-so:
- close: *close
- delete: *delete
- logs-syslog-so:
- close: *close
- delete: *delete
- logs-zeek-so:
- close: *close
- delete: *delete
- logs-elastic_agent-metricbeat-default:
- close: *close
- delete: *delete
- logs-elastic_agent-osquerybeat-default:
- close: *close
- delete: *delete
- logs-elastic_agent-fleet_server-default:
- close: *close
- delete: *delete
- logs-elastic_agent-filebeat-default:
- close: *close
- delete: *delete
- logs-elastic_agent-default:
- close: *close
- delete: *delete
- logs-system-auth-default:
- close: *close
- delete: *delete
- logs-system-application-default:
- close: *close
- delete: *delete
- logs-system-security-default:
- close: *close
- delete: *delete
- logs-system-system-default:
- close: *close
- delete: *delete
- logs-system-syslog-default:
- close: *close
- delete: *delete
- logs-windows-powershell-default:
- close: *close
- delete: *delete
- logs-windows-sysmon_operational-default:
- close: *close
- delete: *delete
- so-beats:
- close: *close
- delete: *delete
 so-elasticsearch:
 close: *close
 delete: *delete