scripts, configs, optimizations, dashboard base

installer/bin/backup_elk.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+########################################################
+# T-Pot                                                #
+# ELK DB backup script                                 #
+#                                                      #
+# v0.01 by mo, DTAG, 2016-02-12                        #
+########################################################
+myCOUNT=1
+myDATE=$(date +%Y%m%d%H%M)
+myELKPATH="/data/elk/"
+myBACKUPPATH="/data/"
+
+# Make sure not to interrupt a check
+while true
+do
+  if ! [ -a /var/run/check.lock ];
+    then break
+  fi
+  sleep 0.1
+  if [ "$myCOUNT" = "1" ];
+    then
+      echo -n "Waiting for services "
+    else echo -n .
+  fi
+  if [ "$myCOUNT" = "6000" ];
+    then
+    echo
+    echo "Overriding check.lock"
+    rm /var/run/check.lock
+    break
+  fi
+  myCOUNT=$[$myCOUNT +1]
+done
+
+# We do not want to get interrupted by a check
+touch /var/run/check.lock
+
+# Stop ELK to lift db lock
+echo "Now stopping ELK ..."
+service elk stop
+sleep 10
+
+# Backup DB in 2 flavors
+echo "Now backing up Elasticsearch data ..."
+tar cvfz $myBACKUPPATH"$myDATE"_elkall.tgz $myELKPATH  
+rm -rf "$myELKPATH"log/*
+rm -rf "$myELKPATH"data/elasticsearch/nodes/0/indices/logstash*
+tar cvfz $myBACKUPPATH"$myDATE"_elkbase.tgz $myELKPATH
+rm -rf $myELKPATH
+tar xvfz $myBACKUPPATH"$myDATE"_elkall.tgz -C / 
+#tar xvfz $myBACKUPPATH"$myDATE"_elkbase.tgz -C /
+chmod 760 -R $myELKPATH
+chown tpot:tpot -R $myELKPATH
+
+# Start ELK
+service elk start
+echo "Now starting up ELK ..."
+
+# Allow checks to resume
+rm /var/run/check.lock
+