| 
									
										
										
										
											2017-10-13 18:58:14 +00:00
										 |  |  | #!/bin/bash
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # Let's ensure normal operation on exit or if interrupted ... | 
					
						
							|  |  |  | function fuCLEANUP { | 
					
						
							|  |  |  |   exit 0 | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | trap fuCLEANUP EXIT | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-14 14:43:47 +00:00
										 |  |  | # Check internet availability  | 
					
						
							|  |  |  | function fuCHECKINET () { | 
					
						
							|  |  |  | mySITES=$1 | 
					
						
							|  |  |  | error=0 | 
					
						
							|  |  |  | for i in $mySITES; | 
					
						
							|  |  |  |   do | 
					
						
							|  |  |  |     curl --connect-timeout 5 -Is $i 2>&1 > /dev/null | 
					
						
							|  |  |  |       if [ $? -ne 0 ]; | 
					
						
							|  |  |  |         then | 
					
						
							|  |  |  |           let error+=1 | 
					
						
							|  |  |  |       fi; | 
					
						
							|  |  |  |   done; | 
					
						
							|  |  |  |   echo $error | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # Check for connectivity and download latest translation maps | 
					
						
							| 
									
										
										
										
											2020-05-12 09:19:09 +00:00
										 |  |  | myCHECK=$(fuCHECKINET "listbot.sicherheitstacho.eu") | 
					
						
							| 
									
										
										
										
											2019-08-14 14:43:47 +00:00
										 |  |  | if [ "$myCHECK" == "0" ]; | 
					
						
							|  |  |  |   then | 
					
						
							| 
									
										
										
										
											2020-05-12 09:19:09 +00:00
										 |  |  |     echo "Connection to Listbot looks good, now downloading latest translation maps." | 
					
						
							| 
									
										
										
										
											2019-08-14 14:43:47 +00:00
										 |  |  |     cd /etc/listbot  | 
					
						
							| 
									
										
										
										
											2020-05-12 09:19:09 +00:00
										 |  |  |     aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/cve.yaml.bz2 && \
 | 
					
						
							|  |  |  |     aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/iprep.yaml.bz2 && \
 | 
					
						
							| 
									
										
										
										
											2019-08-14 14:43:47 +00:00
										 |  |  |     bunzip2 -f *.bz2 | 
					
						
							|  |  |  |     cd / | 
					
						
							|  |  |  |   else | 
					
						
							| 
									
										
										
										
											2020-05-12 09:19:09 +00:00
										 |  |  |     echo "Cannot reach Listbot, starting Logstash without latest translation maps." | 
					
						
							| 
									
										
										
										
											2019-08-14 14:43:47 +00:00
										 |  |  | fi | 
					
						
							| 
									
										
										
										
											2020-02-01 14:08:23 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-24 10:35:46 +00:00
										 |  |  | # We do want to enforce our es_template thus we always need to delete the default template, putting our default afterwards | 
					
						
							| 
									
										
										
										
											2020-06-23 21:40:38 +00:00
										 |  |  | # This is now done via common_configs.rb => overwrite default logstash template | 
					
						
							| 
									
										
										
										
											2020-08-24 10:35:46 +00:00
										 |  |  | echo "Removing logstash template." | 
					
						
							|  |  |  | curl -s -XDELETE http://elasticsearch:9200/_template/logstash | 
					
						
							|  |  |  | echo | 
					
						
							|  |  |  | echo "Checking if empty." | 
					
						
							|  |  |  | curl -s -XGET http://elasticsearch:9200/_template/logstash | 
					
						
							|  |  |  | echo | 
					
						
							|  |  |  | echo "Putting default template." | 
					
						
							|  |  |  | curl -s -XPUT "http://elasticsearch:9200/_template/logstash" -H 'Content-Type: application/json' -d' | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |   "index_patterns" : "logstash-*", | 
					
						
							|  |  |  |   "version" : 60001, | 
					
						
							|  |  |  |   "settings" : { | 
					
						
							|  |  |  |     "index.refresh_interval" : "5s", | 
					
						
							|  |  |  |     "number_of_shards" : 1, | 
					
						
							|  |  |  |     "index.number_of_replicas" : "0", | 
					
						
							|  |  |  |     "index.mapping.total_fields.limit" : "2000", | 
					
						
							|  |  |  |     "index.query": { | 
					
						
							|  |  |  |       "default_field": "*" | 
					
						
							|  |  |  |      } | 
					
						
							| 
									
										
										
										
											2020-08-25 12:25:59 +00:00
										 |  |  |   }, | 
					
						
							|  |  |  |   "mappings" : { | 
					
						
							|  |  |  |     "dynamic_templates" : [ { | 
					
						
							|  |  |  |       "message_field" : { | 
					
						
							|  |  |  |         "path_match" : "message", | 
					
						
							|  |  |  |         "match_mapping_type" : "string", | 
					
						
							|  |  |  |         "mapping" : { | 
					
						
							|  |  |  |           "type" : "text", | 
					
						
							|  |  |  |           "norms" : false | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     }, { | 
					
						
							|  |  |  |       "string_fields" : { | 
					
						
							|  |  |  |         "match" : "*", | 
					
						
							|  |  |  |         "match_mapping_type" : "string", | 
					
						
							|  |  |  |         "mapping" : { | 
					
						
							|  |  |  |           "type" : "text", "norms" : false, | 
					
						
							|  |  |  |           "fields" : { | 
					
						
							|  |  |  |             "keyword" : { "type": "keyword", "ignore_above": 256 } | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } ], | 
					
						
							|  |  |  |     "properties" : { | 
					
						
							|  |  |  |       "@timestamp": { "type": "date"}, | 
					
						
							|  |  |  |       "@version": { "type": "keyword"}, | 
					
						
							|  |  |  |       "geoip"  : { | 
					
						
							|  |  |  |         "dynamic": true, | 
					
						
							|  |  |  |         "properties" : { | 
					
						
							|  |  |  |           "ip": { "type": "ip" }, | 
					
						
							|  |  |  |           "location" : { "type" : "geo_point" }, | 
					
						
							|  |  |  |           "latitude" : { "type" : "half_float" }, | 
					
						
							|  |  |  |           "longitude" : { "type" : "half_float" } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   } | 
					
						
							| 
									
										
										
										
											2020-08-24 10:35:46 +00:00
										 |  |  | }' | 
					
						
							|  |  |  | echo |