mirror of https://github.com/rspamd/rspamd.git
Rapid spam filtering system
https://rspamd.com/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
109 lines
3.3 KiB
109 lines
3.3 KiB
# Please don't modify this file as your changes might be overwritten with
|
|
# the next update.
|
|
#
|
|
# You can modify 'local.d/elastic.conf' to add and merge
|
|
# parameters defined inside this section
|
|
#
|
|
# You can modify 'override.d/elastic.conf' to strictly override all
|
|
# parameters defined inside this section
|
|
#
|
|
# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
|
|
# for details
|
|
#
|
|
# Module documentation can be found at https://rspamd.com/doc/modules/elastic.html
|
|
|
|
elastic {
|
|
enabled = false;
|
|
# server = "localhost:9200";
|
|
# user = "";
|
|
# password = "";
|
|
use_https = false;
|
|
periodic_interval = 5.0;
|
|
timeout = 5.0;
|
|
no_ssl_verify = false;
|
|
use_gzip = true;
|
|
use_keepalive = true;
|
|
version = {
|
|
autodetect_enabled = true;
|
|
autodetect_max_fail = 30;
|
|
# Override works only if autodetect is disabled
|
|
override = {
|
|
name = "opensearch";
|
|
version = "2.17";
|
|
}
|
|
};
|
|
limits = {
|
|
max_rows = 500; # Max logs in one bulk request to Elastic and the first reason to flush buffer to Elastic
|
|
max_interval = 60; # Seconds; if the first log in the buffer is older than this interval, flush the buffer
|
|
max_fail = 10;
|
|
};
|
|
index_template = {
|
|
managed = true;
|
|
name = "rspamd";
|
|
priority = 0;
|
|
pattern = "%Y.%m.%d";
|
|
shards_count = 3;
|
|
replicas_count = 1;
|
|
refresh_interval = 5; # Seconds
|
|
dynamic_keyword_ignore_above = 256;
|
|
headers_count_ignore_above = 5; # Record only the first N same-named headers, add "ignored above..." if the limit is reached; set 0 to disable the limit
|
|
headers_text_ignore_above = 2048; # Strip specific header value and add "..." to the end; set 0 to disable the limit
|
|
symbols_nested = false;
|
|
empty_value = "unknown"; # Empty numbers, IPs and IP nets are not customizable; they will always be 0, :: and ::/128 respectively
|
|
};
|
|
index_policy = {
|
|
enabled = true;
|
|
managed = true;
|
|
name = "rspamd"; # To use a custom lifecycle policy, change the name and set managed = false
|
|
hot = {
|
|
index_priority = 100;
|
|
};
|
|
warm = {
|
|
enabled = true;
|
|
after = "2d";
|
|
index_priority = 50;
|
|
migrate = true; # Supported only with Elastic distro; has no impact elsewhere
|
|
read_only = true;
|
|
change_replicas = false;
|
|
replicas_count = 1;
|
|
shrink = false;
|
|
shards_count = 1;
|
|
max_gb_per_shard = 0; # Zero - disabled by default, if enabled - shards_count is ignored
|
|
force_merge = false;
|
|
segments_count = 1;
|
|
};
|
|
cold = {
|
|
enabled = true;
|
|
after = "14d";
|
|
index_priority = 0;
|
|
migrate = true; # Supported only with Elastic distro; has no impact elsewhere
|
|
read_only = true;
|
|
change_replicas = false;
|
|
replicas_count = 1;
|
|
};
|
|
delete = {
|
|
enabled = true;
|
|
after = "30d";
|
|
};
|
|
};
|
|
collect_headers = [
|
|
"From";
|
|
"To";
|
|
"Subject";
|
|
"Date";
|
|
"User-Agent";
|
|
];
|
|
# Extra headers to collect, e.g.:
|
|
# "Precedence";
|
|
# "List-Id";
|
|
extra_collect_headers = [];
|
|
geoip = {
|
|
enabled = true;
|
|
managed = true;
|
|
pipeline_name = "rspamd-geoip";
|
|
};
|
|
|
|
.include(try=true,priority=5) "${DBDIR}/dynamic/elastic.conf"
|
|
.include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/elastic.conf"
|
|
.include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/elastic.conf"
|
|
}
|