CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove close settings and cron

Browse Source
This commit is contained in:
Wes
2023-12-07 13:58:39 +00:00
parent f38758a9c7
commit f52da4a933
3 changed files with 2 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
salt/curator/defaults.yaml
View File

@@ -2,57 +2,6 @@ curator:
enabled: False enabled: False
elasticsearch: elasticsearch:
index_settings: index_settings:
logs-import-so:
close: 73000
delete: 73001
logs-strelka-so:
close: 30
delete: 365
logs-suricata-so:
close: 30
delete: 365
logs-syslog-so:
close: 30
delete: 365
logs-zeek-so:
close: 30
delete: 365
logs-elastic_agent-metricbeat-default:
close: 30
delete: 365
logs-elastic_agent-osquerybeat-default:
close: 30
delete: 365
logs-elastic_agent-fleet_server-default:
close: 30
delete: 365
logs-elastic_agent-filebeat-default:
close: 30
delete: 365
logs-elastic_agent-default:
close: 30
delete: 365
logs-system-auth-default:
close: 30
delete: 365
logs-system-application-default:
close: 30
delete: 365
logs-system-security-default:
close: 30
delete: 365
logs-system-system-default:
close: 30
delete: 365
logs-system-syslog-default:
close: 30
delete: 365
logs-windows-powershell-default:
close: 30
delete: 365
logs-windows-sysmon_operational-default:
close: 30
delete: 365
so-beats: so-beats:
close: 30 close: 30
delete: 365 delete: 365

9
salt/curator/enabled.sls
View File

@@ -58,15 +58,8 @@ delete_so-curator_so-status.disabled:
- regex: ^so-curator$ - regex: ^so-curator$
so-curator-cluster-close: so-curator-cluster-close:
cron.present: cron.absent:
- name: /usr/sbin/so-curator-cluster-close > /opt/so/log/curator/cron-close.log 2>&1
- identifier: so-curator-cluster-close - identifier: so-curator-cluster-close
- user: root
- minute: '2'
- hour: '*/1'
- daymonth: '*'
- month: '*'
- dayweek: '*'
so-curator-cluster-delete: so-curator-cluster-delete:
cron.present: cron.present:

53
salt/curator/soc_curator.yaml
View File

@@ -4,7 +4,7 @@ curator:
helpLink: curator.html helpLink: curator.html
elasticsearch: elasticsearch:
index_settings: index_settings:
logs-import-so: so-beats:
close: &close close: &close
description: Age, in days, when Curator closes the index. description: Age, in days, when Curator closes the index.
helpLink: curator.html helpLink: curator.html
@@ -13,57 +13,6 @@ curator:
description: Age, in days, when Curator deletes the index. description: Age, in days, when Curator deletes the index.
helpLink: curator.html helpLink: curator.html
forcedType: int forcedType: int
logs-strelka-so:
close: *close
delete: *delete
logs-suricata-so:
close: *close
delete: *delete
logs-syslog-so:
close: *close
delete: *delete
logs-zeek-so:
close: *close
delete: *delete
logs-elastic_agent-metricbeat-default:
close: *close
delete: *delete
logs-elastic_agent-osquerybeat-default:
close: *close
delete: *delete
logs-elastic_agent-fleet_server-default:
close: *close
delete: *delete
logs-elastic_agent-filebeat-default:
close: *close
delete: *delete
logs-elastic_agent-default:
close: *close
delete: *delete
logs-system-auth-default:
close: *close
delete: *delete
logs-system-application-default:
close: *close
delete: *delete
logs-system-security-default:
close: *close
delete: *delete
logs-system-system-default:
close: *close
delete: *delete
logs-system-syslog-default:
close: *close
delete: *delete
logs-windows-powershell-default:
close: *close
delete: *delete
logs-windows-sysmon_operational-default:
close: *close
delete: *delete
so-beats:
close: *close
delete: *delete
so-elasticsearch: so-elasticsearch:
close: *close close: *close
delete: *delete delete: *delete