Merge pull request #8288 from Security-Onion-Solutions/fix/soup_elastalert_indices_deletion_check

Ensure Elastalert indices are deleted before continuing with SOUP
2025-12-07 09:42:46 +01:00 · 2022-07-13 08:44:04 -04:00
parent d7eb8b9bcb 8e92060c29
commit fa894cf83b
1 changed files with 7 additions and 0 deletions
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -851,6 +851,13 @@ up_to_2.3.140() {
   
   # Delete Elastalert indices
   for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do so-elasticsearch-query $i -XDELETE; done
+   # Check to ensure Elastalert indices have been deleted
+   RESPONSE=$(so-elasticsearch-query elastalert*)
+   if [[ "$RESPONSE" == "{}" ]]; then
+     echo "Elastalert indices have been deleted."
+   else
+     fail "Something went wrong. Could not delete the Elastalert indices. Exiting."
+   fi
   ##
   INSTALLEDVERSION=2.3.140
 }