FIX: Update clear scripts #11991 #12001

Merged
merged 3 commits into from
Dec 13, 2023
13 changes: 9 additions & 4 deletions salt/common/tools/sbin/so-nsm-clear
@@ -41,8 +41,13 @@ done
if [ $SKIP -ne 1 ]; then
# Inform user we are about to delete all data
echo
echo "This script will delete all NIDS data (PCAP, Suricata, Zeek)"
echo "If you would like to proceed, please type "AGREE" and hit ENTER."
echo "This script will delete all NSM data from /nsm."
echo
echo "This includes Suricata data, Zeek data, and full packet capture (PCAP)."
echo
echo "This will NOT delete any Suricata or Zeek logs that have already been ingested into Elasticsearch."
echo
echo "If you would like to proceed, then type AGREE and press ENTER."
echo
# Read user input
read INPUT
@@ -54,8 +59,8 @@ delete_pcap() {
[ -d $PCAP_DATA ] && so-pcap-stop && rm -rf $PCAP_DATA/* && so-pcap-start
}
delete_suricata() {
SURI_LOG="/opt/so/log/suricata/eve.json"
[ -f $SURI_LOG ] && so-suricata-stop && rm -f $SURI_LOG && so-suricata-start
SURI_LOG="/nsm/suricata/"
[ -d $SURI_LOG ] && so-suricata-stop && rm -rf $SURI_LOG/* && so-suricata-start
}
delete_zeek() {
ZEEK_LOG="/nsm/zeek/logs/"
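Review bot: In the new `delete_suricata`, a failed `rm` leaves Suricata stopped, because `so-suricata-start` is chained behind it with `&&`; on a sensor that means no network alerting until someone notices. The target is now a whole directory rather than a single file, so a partial failure (permissions, or an argument list too long for `$SURI_LOG/*`) seems more likely than with the old one-file delete, and the expansions are unquoted inside an `rm -rf`. I would restart the service whenever the stop succeeded and guard the path: `[ -d "$SURI_LOG" ] && so-suricata-stop && { rm -rf -- "${SURI_LOG:?}"/*; so-suricata-start; }`. The same chain is visible in `delete_pcap` just above, and `delete_zeek` continues outside the hunk, so both probably need the same treatment.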
2 changes: 1 addition & 1 deletion salt/elasticsearch/tools/sbin/so-elastic-clear
@@ -67,7 +67,7 @@ if [ $SKIP -ne 1 ]; then
echo
echo "This script will delete all data (documents, indices, etc.) in the Elasticsearch database."
echo
echo "If you would like to proceed, please type "AGREE" and hit ENTER."
echo "If you would like to proceed, then type AGREE and press ENTER."
echo
# Read user input
read INPUT
4 changes: 2 additions & 2 deletions salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
@@ -18,7 +18,7 @@ echo "This includes data previously ingested with Fleet such as Zeek and Suricat
echo "Deployed Elastic Agents will no longer be enrolled and will need to be reinstalled."
echo "This script should only be used as a last resort to reinstall Elastic Fleet."
echo
echo "If you would like to proceed, type AGREE and hit ENTER."
echo "If you would like to proceed, then type AGREE and press ENTER."
echo
# Read user input
read INPUT
@@ -93,4 +93,4 @@ so-elastic-fleet-setup
status "Re-installing Elastic Agent on all Grid Nodes..."
salt \* state.apply elasticfleet.install_agent_grid queue=True

status "Elastic Fleet Reset complete...."
status "Elastic Fleet Reset complete...."