prepare for forward logs to cc

installer/data/systemd/elk.service

@@ -8,7 +8,7 @@ Restart=always
 ExecStartPre=-/usr/bin/docker stop elk
 ExecStartPre=-/usr/bin/docker rm -v elk
 ExecStartPre=/bin/bash -c '/usr/bin/clean.sh elk'
-ExecStart=/usr/bin/docker run --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 --name=elk -v /data:/data -p 127.0.0.1:64296:5601 -p 127.0.0.1:64302:9100 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:1706
+ExecStart=/usr/bin/docker run --name=elk --env-file /data/elk/environment --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:5601 -p 127.0.0.1:64302:9100 -p 127.0.0.1:64298:9200 --rm=true dtagdevsec/elk:1706
 ExecStop=/usr/bin/docker stop elk
 
 [Install]

installer/etc/rc.local

@@ -10,6 +10,10 @@ tee /data/ews/conf/ews.ip << EOF
 [MAIN]
 ip = $myEXTIP
 EOF
+tee /data/elk/environment << EOF
+MY_EXTIP=$myEXTIP
+MY_HOSTNAME=$HOSTNAME
+EOF
 echo $myLOCALIP > /data/elk/logstash/mylocal.ip
 chown tpot:tpot /data/ews/conf/ews.ip
 if [ -f /var/run/check.lock ];

installer/install.sh

@@ -381,7 +381,7 @@ tee -a /etc/crontab <<EOF
 27 4 * * *	root	docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring \%Y.\%m.\%d'
 
 # Update IP and erase check.lock if it exists
-27 15 * * *	root	/etc/rc.local
+27 5 * * *	root	/etc/rc.local
 
 # Daily reboot
 27 23 * * *	root	reboot