Security-Onion-Solutions · TOoSmOotH · Dec 6, 2023 · Nov 29, 2023 · Nov 29, 2023 · Nov 29, 2023
diff --git a/salt/curator/files/action/delete.yml b/salt/curator/files/action/delete.yml
@@ -15,6 +15,7 @@ actions:
     description: >-
       Delete indices when {{log_size_limit}}(GB) is exceeded.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/logs-import-so-close.yml b/salt/curator/files/action/logs-import-so-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close import indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/logs-import-so-delete.yml b/salt/curator/files/action/logs-import-so-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete import indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/logs-strelka-so-close.yml b/salt/curator/files/action/logs-strelka-so-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close Strelka indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/logs-strelka-so-delete.yml b/salt/curator/files/action/logs-strelka-so-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete Strelka indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/logs-suricata-so-close.yml b/salt/curator/files/action/logs-suricata-so-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close Suricata indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/logs-suricata-so-delete.yml b/salt/curator/files/action/logs-suricata-so-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete Suricata indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/logs-syslog-so-close.yml b/salt/curator/files/action/logs-syslog-so-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close syslog indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/logs-syslog-so-delete.yml b/salt/curator/files/action/logs-syslog-so-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete syslog indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/logs-zeek-so-close.yml b/salt/curator/files/action/logs-zeek-so-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close Zeek indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/logs-zeek-so-delete.yml b/salt/curator/files/action/logs-zeek-so-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete Zeek indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-beats-close.yml b/salt/curator/files/action/so-beats-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close Beats indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-beats-delete.yml b/salt/curator/files/action/so-beats-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete beats indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-elasticsearch-close.yml b/salt/curator/files/action/so-elasticsearch-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close elasticsearch indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-elasticsearch-delete.yml b/salt/curator/files/action/so-elasticsearch-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete elasticsearch indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-firewall-close.yml b/salt/curator/files/action/so-firewall-close.yml
@@ -11,6 +11,7 @@ actions:
     description: >-
       Close Firewall indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-firewall-delete.yml b/salt/curator/files/action/so-firewall-delete.yml
@@ -11,6 +11,7 @@ actions:
     description: >-
       Delete firewall indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-ids-close.yml b/salt/curator/files/action/so-ids-close.yml
@@ -11,6 +11,7 @@ actions:
     description: >-
       Close IDS indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-ids-delete.yml b/salt/curator/files/action/so-ids-delete.yml
@@ -11,6 +11,7 @@ actions:
     description: >-
       Delete IDS indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-import-close.yml b/salt/curator/files/action/so-import-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close Import indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-import-delete.yml b/salt/curator/files/action/so-import-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete import indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-kibana-close.yml b/salt/curator/files/action/so-kibana-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close kibana indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-kibana-delete.yml b/salt/curator/files/action/so-kibana-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete kibana indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-kratos-close.yml b/salt/curator/files/action/so-kratos-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close kratos indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-kratos-delete.yml b/salt/curator/files/action/so-kratos-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete kratos indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-logstash-close.yml b/salt/curator/files/action/so-logstash-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close logstash indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-logstash-delete.yml b/salt/curator/files/action/so-logstash-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete logstash indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-netflow-close.yml b/salt/curator/files/action/so-netflow-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close netflow indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-netflow-delete.yml b/salt/curator/files/action/so-netflow-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete netflow indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-osquery-close.yml b/salt/curator/files/action/so-osquery-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close osquery indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-osquery-delete.yml b/salt/curator/files/action/so-osquery-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete import indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-ossec-close.yml b/salt/curator/files/action/so-ossec-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close ossec indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-ossec-delete.yml b/salt/curator/files/action/so-ossec-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete ossec indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-redis-close.yml b/salt/curator/files/action/so-redis-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close redis indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-redis-delete.yml b/salt/curator/files/action/so-redis-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete redis indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-strelka-close.yml b/salt/curator/files/action/so-strelka-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close Strelka indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-strelka-delete.yml b/salt/curator/files/action/so-strelka-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete Strelka indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-syslog-close.yml b/salt/curator/files/action/so-syslog-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close syslog indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-syslog-delete.yml b/salt/curator/files/action/so-syslog-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete syslog indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/files/action/so-zeek-close.yml b/salt/curator/files/action/so-zeek-close.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Close Zeek indices older than {{cur_close_days}} days.
     options:
+      allow_ilm_indices: True
       delete_aliases: False
       timeout_override:
       ignore_empty_list: True

diff --git a/salt/curator/files/action/so-zeek-delete.yml b/salt/curator/files/action/so-zeek-delete.yml
@@ -10,6 +10,7 @@ actions:
     description: >-
       Delete Zeek indices when older than {{ DELETE_DAYS }} days.
     options:
+      allow_ilm_indices: True
       ignore_empty_list: True
       disable_action: False
     filters:

diff --git a/salt/curator/tools/sbin/so-curator-close b/salt/curator/tools/sbin/so-curator-close
@@ -26,7 +26,7 @@ docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/cur
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; 
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1;
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-import-so-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-strelka-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-suricata-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-syslog-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-zeek-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-strelka-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-suricata-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-syslog-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-zeek-so-close.yml > /dev/null 2>&1;
diff --git a/salt/curator/tools/sbin/so-curator-cluster-close b/salt/curator/tools/sbin/so-curator-cluster-close
@@ -24,7 +24,7 @@ docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/cur
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; 
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1;
 docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-import-so-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-strelka-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-suricata-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-syslog-close.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-zeek-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-strelka-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-suricata-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-syslog-so-close.yml > /dev/null 2>&1;
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-zeek-so-close.yml > /dev/null 2>&1;