securityonion/salt/curator/files/curator.yml

{% if grains['role'] == 'so-node' %}

{%- set elasticsearch = salt['pillar.get']('node:mainip', '') -%}

{% elif grains['role'] == 'so-eval' %}

{%- set elasticsearch = salt['pillar.get']('master:mainip', '') -%}

{%- endif %}

---
# Remember, leave a key empty if there is no value.  None will be a string,
# not a Python "NoneType"
client:
  hosts:
    - {{elasticsearch}}
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 30
  master_only: False

logging:
  loglevel: INFO
  logfile: '/var/log/curator/curator.log'
  logformat: default
  blacklist: ['elasticsearch', 'urllib3']