path: root/conf/modules.d/elastic.conf
blob: 804a00dd7a9092a94cf61daa76eb47c24be895dc (plain)
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
# You can modify 'local.d/elastic.conf' to add and merge
# parameters defined inside this section
#
# You can modify 'override.d/elastic.conf' to strictly override all
# parameters defined inside this section
#
# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
# for details
#
# Module documentation can be found at https://rspamd.com/doc/modules/elastic.html

# Default settings for the elastic module section. The module ships disabled
# (enabled = false). Per the header of this file, site-specific values belong
# in local.d/elastic.conf (merged) or override.d/elastic.conf (strict override).
elastic {
  enabled = false;
  # server = "localhost:9200";
  # Credentials are left unset here. Because this file may be overwritten on
  # update, set them in local.d/ or override.d/ instead, and keep that file
  # readable only by the account rspamd runs as.
  # user = "";
  # password = "";
  # NOTE(review): with use_https = false the connection to `server` is presumably
  # plain HTTP, so any user/password and the collected mail headers would cross
  # the network unencrypted - confirm, and enable HTTPS for any non-loopback server.
  use_https = false;
  periodic_interval = 5.0;
  timeout = 5.0;
  # NOTE(review): judging by the name, true would turn off TLS certificate
  # verification; keep false outside of test setups so the server is authenticated.
  no_ssl_verify = false;
  use_gzip = true;
  use_keepalive = true;
  version = {
    autodetect_enabled = true;
    autodetect_max_fail = 30;
    # Override works only if autodetect is disabled
    override = {
      name = "opensearch";
      version = "2.17";
    }
  };
  limits = {
    max_rows = 500; # Max logs in one bulk request to Elastic and the first reason to flush buffer to Elastic
    max_interval = 60; # Seconds; if the first log in the buffer is older than this interval, flush the buffer
    max_fail = 10;
  };
  index_template = {
    managed = true;
    name = "rspamd";
    priority = 0;
    pattern = "%Y.%m.%d";
    shards_count = 3;
    replicas_count = 1;
    refresh_interval = 5; # Seconds
    dynamic_keyword_ignore_above = 256;
    headers_count_ignore_above = 5; # Record only the first N same-named headers, add "ignored above..." if the limit is reached; set 0 to disable the limit
    headers_text_ignore_above = 2048; # Strip specific header value and add "..." to the end; set 0 to disable the limit
    symbols_nested = false;
    empty_value = "unknown"; # Empty numbers, IPs and IP nets are not customizable; they will always be 0, :: and ::/128 respectively
  };
  # Lifecycle policy: with these defaults indices move to warm after 2d and
  # cold after 14d, and are deleted after 30d. The delete phase is the
  # retention bound for the header data collected below.
  index_policy = {
    enabled = true;
    managed = true;
    name = "rspamd"; # To use a custom lifecycle policy, change the name and set managed = false
    hot = {
      index_priority = 100;
    };
    warm = {
      enabled = true;
      after = "2d";
      index_priority = 50;
      migrate = true; # Supported only with Elastic distro; has no impact elsewhere
      read_only = true;
      change_replicas = false;
      replicas_count = 1;
      shrink = false;
      shards_count = 1;
      max_gb_per_shard = 0; # Zero - disabled by default, if enabled - shards_count is ignored
      force_merge = false;
      segments_count = 1;
    };
    cold = {
      enabled = true;
      after = "14d";
      index_priority = 0;
      migrate = true; # Supported only with Elastic distro; has no impact elsewhere
      read_only = true;
      change_replicas = false;
      replicas_count = 1;
    };
    delete = {
      enabled = true;
      after = "30d";
    };
  };
  # Headers recorded for each logged message. From, To and Subject carry
  # personal data, so access to the resulting indices should be restricted to
  # the people who need it; trim this list if those fields are not required.
  collect_headers = [
    "From";
    "To";
    "Subject";
    "Date";
    "User-Agent";
  ];
  # Extra headers to collect, e.g.:
  # "Precedence";
  # "List-Id";
  extra_collect_headers = [];
  geoip = {
    enabled = true;
    managed = true;
    pipeline_name = "rspamd-geoip";
  };

  # Optional includes (try=true): dynamic config at priority 5, local.d at
  # priority 1 merged into the values above, override.d at priority 10.
  # Any of these files can replace server, credentials and TLS settings, so
  # they should be writable only by trusted administrators.
  .include(try=true,priority=5) "${DBDIR}/dynamic/elastic.conf"
  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/elastic.conf"
  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/elastic.conf"
}