########################################################
# T-Pot                                                #
# ELK upstart script                                   #
#                                                      #
# v16.03.7 by mo, DTAG, 2016-03-12                     #
########################################################

description "ELK"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing elk containers
  myCID=$(docker ps -a | grep elk | awk '{ print $1 }')
  if [ "$myCID" != "" ];
    then docker rm -v $myCID;
  fi
  # ELK data will be kept for <= 90 days, check /etc/crontab for curator modification
  # ELK daemon log files will be removed
  rm -rf /data/elk/log/* || true
end script
script
  /usr/bin/docker run --name=elk -v /data:/data -v /var/log:/data/host/log -p 127.0.0.1:64296:8080 --rm=true dtagdevsec/elk:latest1603
end script
post-start script
  # Delay next  start to avoid rapid respawning
  sleep 2
end script