Merge pull request #151 from weslambert/elastalert

if ElastAlert disabled, don't configure template

usr/sbin/so-elastic-configure-elastalert

@@ -4,15 +4,14 @@
 
 . /etc/nsm/securityonion.conf
 
-header "Configuring ElastAlert"
+if [ ${ELASTALERT_ENABLED} = "yes" ]; then
 
-# Not sure that we should delete the existing elastalert index,
-# but we'll leave this here until ElastAlert supports ES6 as that will change things anyway
-#if ! curl -s -XGET http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/${ELASTALERT_INDEX} | grep -q "no such index"; then
-#	curl -s -XDELETE http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/${ELASTALERT_INDEX}
-#	echo
-#fi
-echo
-echo "Applying ElastAlert template..."
-curl -s -XPUT http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/elastalert -H'Content-Type: application/json' -d'{"template" : "elastalert_status", "settings": { "number_of_shards" : 1, "number_of_replicas" : 0 }, "mappings" : { "search": {"properties": {"hits": {"type": "integer"}, "version": {"type": "integer"}, "match_body.source_ip": {"type": "ip"}, "match_body.destination_ip": {"type": "ip"}}}}}'
-echo
+	header "Configuring ElastAlert"
+
+	if ! curl -s -XGET http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/${ELASTALERT_INDEX} | grep -q "no such index"; then
+		curl -s -XDELETE http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/${ELASTALERT_INDEX}
+	fi
+	curl -s -XPUT http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/elastalert -H'Content-Type: application/json' -d'{"template" : "elastalert_status", "settings": { "number_of_shards" : 1, "number_of_replicas" : 0 }, "mappings" : { "search": {"properties": {"hits": {"type": "integer"}, "version": {"type": "integer"}, "match_body.source_ip": {"type": "ip"}, "match_body.destination_ip": {"type": "ip"}}}}}' > /dev/null && echo && echo "Template configured for ElastAlert." && echo "Done!"
+else
+	echo "ElastAlert disabled, so not configuring..."
+fi