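{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
# ElastAlert defaults, rendered by Salt (Jinja first, then parsed as YAML).
# Keys under elastalert:config correspond to ElastAlert's config.yaml settings.
elastalert:
  config:
    rules_folder: /opt/elastalert/rules/
    scan_subdirectories: true
    # false: a rule that raises an error stays enabled and is retried on the
    # next run instead of being disabled.
    disable_rules_on_error: false
    run_every:
      minutes: 3
    buffer_time:
      minutes: 10
    old_query_limit:
      minutes: 5
    # Quoted so an unset pillar value renders as "" rather than a YAML null.
    es_host: "{{salt['pillar.get']('manager:mainip', '')}}"
    # Left unquoted so the rendered port stays an integer; if the pillar value
    # is unset this renders as null and ElastAlert will fail to connect.
    es_port: {{salt['pillar.get']('manager:es_port', '')}}
    es_conn_timeout: 55
    max_query_size: 5000
    # aws_region: us-east-1
    # profile: test
    # es_url_prefix: elasticsearch
    use_ssl: true
    # NOTE(review): TLS is on but the Elasticsearch certificate is not
    # validated, so the so_elastic credentials sent below, every query and
    # every alert are exposed to a man-in-the-middle on the manager link.
    # Prefer verify_certs: true together with ca_certs pointing at the
    # cluster CA -- confirm the CA path the other Elasticsearch clients in
    # this repo use before changing.
    verify_certs: false
    # es_send_get_body_as: GET
    {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
    # Credentials are rendered in cleartext into the ElastAlert config file;
    # the state that writes it should restrict the file's permissions -- verify.
    es_username: "{{ ES_USER }}"
    es_password: "{{ ES_PASS }}"
    {%- endif %}
    writeback_index: elastalert_status
    alert_time_limit:
      days: 2
    index_settings:
      shards: 1
      replicas: 0
    # Python logging dictConfig consumed by the elastalert process.
    # NOTE(review): nesting reconstructed from a copy with indentation lost --
    # confirm logging belongs under config rather than directly under elastalert.
    logging:
      version: 1
      incremental: false
      disable_existing_loggers: false
      formatters:
        logline:
          format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s'
      handlers:
        file:
          class: logging.FileHandler
          formatter: logline
          level: INFO
          filename: /var/log/elastalert/elastalert.log
      loggers:
        # Root logger: everything at INFO and above goes to the file handler.
        '':
          level: INFO
          handlers:
            - file
          propagate: false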