########################################################
# T-Pot Community Edition                              #
# ELK upstart script                                   #
#                                                      #
# v0.53 by mo, DTAG, 2015-08-07                        #
########################################################

description "ELK"
author "mo"
start on started docker and filesystem and started ews and started dionaea and started glastopf and started honeytrap and started kippo and started suricata
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing elk containers
  myCID=$(docker ps -a | grep elk | awk '{ print $1 }')
  if [ "$myCID" != "" ];
    then docker rm -v $myCID;
  fi
end script
script
  # Delayed start to avoid rapid respawning
  sleep $(((RANDOM % 5)+5))
  /usr/bin/docker run --name=elk --volumes-from ews --volumes-from suricata -v /data/elk/:/data/elk/ -p 127.0.0.1:64296:8080 --rm=true dtagdevsec/elk
end script