# Please don't modify this file as your changes might be overwritten with # the next update. # # You can modify 'local.d/elastic.conf' to add and merge # parameters defined inside this section # # You can modify 'override.d/elastic.conf' to strictly override all # parameters defined inside this section # # See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories # for details # # Module documentation can be found at https://rspamd.com/doc/modules/elastic.html elastic { enabled = false; # server = "localhost:9200"; # user = ""; # password = ""; use_https = false; periodic_interval = 5.0; timeout = 5.0; no_ssl_verify = false; use_gzip = true; use_keepalive = true; version = { autodetect_enabled = true; autodetect_max_fail = 30; # Override works only if autodetect is disabled override = { name = "opensearch"; version = "2.17"; } }; limits = { max_rows = 500; # Max logs in one bulk request to Elastic and the first reason to flush buffer to Elastic max_interval = 60; # Seconds; if the first log in the buffer is older than this interval, flush the buffer max_fail = 10; }; index_template = { managed = true; name = "rspamd"; priority = 0; pattern = "%Y.%m.%d"; shards_count = 3; replicas_count = 1; refresh_interval = 5; # Seconds dynamic_keyword_ignore_above = 256; headers_count_ignore_above = 5; # Record only the first N same-named headers, add "ignored above..." if the limit is reached; set 0 to disable the limit headers_text_ignore_above = 2048; # Strip specific header value and add "..." to the end; set 0 to disable the limit symbols_nested = false; empty_value = "unknown"; # Empty numbers, IPs and IP nets are not customizable; they will always be 0, :: and ::/128 respectively }; index_policy = { enabled = true; managed = true; name = "rspamd"; # To use a custom lifecycle policy, change the name and set managed = false hot = { index_priority = 100; }; warm = { enabled = true; after = "2d"; index_priority = 50; migrate = true; # Supported only with Elastic distro; has no impact elsewhere read_only = true; change_replicas = false; replicas_count = 1; shrink = false; shards_count = 1; max_gb_per_shard = 0; # Zero - disabled by default, if enabled - shards_count is ignored force_merge = false; segments_count = 1; }; cold = { enabled = true; after = "14d"; index_priority = 0; migrate = true; # Supported only with Elastic distro; has no impact elsewhere read_only = true; change_replicas = false; replicas_count = 1; }; delete = { enabled = true; after = "30d"; }; }; collect_headers = [ "From"; "To"; "Subject"; "Date"; "User-Agent"; ]; # Extra headers to collect, e.g.: # "Precedence"; # "List-Id"; extra_collect_headers = []; geoip = { enabled = true; managed = true; pipeline_name = "rspamd-geoip"; }; .include(try=true,priority=5) "${DBDIR}/dynamic/elastic.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/elastic.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/elastic.conf" }