########################################################
# T-Pot Community Edition                              #
# ELK upstart script                                   #
#                                                      #
# v0.50 by mo, DTAG, 2015-01-27                        #
########################################################

description "ELK"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing elk containers
  myCID=$(docker ps -a | grep elk | awk '{ print $1 }')
  if [ "$myCID" != "" ];
    then docker rm $myCID;
  fi
end script
script
  # Delayed start to avoid rapid respawning 
  sleep $(((RANDOM % 5)+5)) 
  /usr/bin/docker run --name=elk --volumes-from ews --volumes-from suricata -v /data/elk/:/data/elk/ -p 127.0.0.1:64296:80 --rm=true dtagdevsec/elk
end script