add index template creation for elasticsearch

Signed-off-by: Thomas Labarussias <issif+github@gadz.org>

README.md

@@ -163,14 +163,17 @@ Results:
 
 ### Elasticsearch
 
-|     Setting      |    Default    |                                    Description                                    |
-| ---------------- | ------------- | --------------------------------------------------------------------------------- |
-| `host_port`      | n/a           | http://{domain or ip}:{port}                                                      |
-| `user`           | n/a           | User for Grafana Logs                                                             |
-| `password`       | n/a           | Password for Grafana Logs                                                         |
-| `index`          | `falco-talon` | Elasticsearch index                                                               |
-| `suffix`         | `daily`       | Date suffix for index rotation : `daily` (default), `monthly`, `annually`, `none` |
-| `custom_headers` | n/a           | Custom HTTP Headers                                                               |
+|         Setting         |    Default    |                                    Description                                    |
+| ----------------------- | ------------- | --------------------------------------------------------------------------------- |
+| `host_port`             | n/a           | http://{domain or ip}:{port}                                                      |
+| `user`                  | n/a           | User for Grafana Logs                                                             |
+| `password`              | n/a           | Password for Grafana Logs                                                         |
+| `index`                 | `falco-talon` | Elasticsearch index                                                               |
+| `suffix`                | `daily`       | Date suffix for index rotation : `daily` (default), `monthly`, `annually`, `none` |
+| `create_index_template` | `true`        | Create the index template at the init if it doesn't exist                         |
+| `number_of_shards`      | `3`           | Number of shards for the index  (if `create_index_template` is `true`)            |
+| `number_of_replicas`    | `3`           | Number of replicas for the index (if `create_index_template` is `true`)           |
+| `custom_headers`        | n/a           | Custom HTTP Headers                                                               |
 
 ### SMTP
 

actionners/kubernetes/exec/exec.go

@@ -21,8 +21,8 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
 	namespace := event.GetNamespaceName()
 
 	objects := map[string]string{
-		"Pod":       pod,
-		"Namespace": namespace,
+		"pod":       pod,
+		"namespace": namespace,
 	}
 
 	parameters := action.GetParameters()

actionners/kubernetes/labelize/labelize.go

@@ -30,8 +30,8 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
 	namespace := event.GetNamespaceName()
 
 	objects := map[string]string{
-		"Pod":       pod,
-		"Namespace": namespace,
+		"pod":       pod,
+		"namespace": namespace,
 	}
 
 	payload := make([]patch, 0)

actionners/kubernetes/log/log.go

@@ -19,8 +19,8 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
 	namespace := event.GetNamespaceName()
 
 	objects := map[string]string{
-		"Pod":       pod,
-		"Namespace": namespace,
+		"pod":       pod,
+		"namespace": namespace,
 	}
 
 	parameters := action.GetParameters()

actionners/kubernetes/networkpolicy/networkpolicy.go

@@ -21,8 +21,8 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
 	namespace := event.GetNamespaceName()
 
 	objects := map[string]string{
-		"Pod":       podName,
-		"Namespace": namespace,
+		"pod":       podName,
+		"namespace": namespace,
 	}
 	client := kubernetes.GetClient()
 

actionners/kubernetes/script/script.go

@@ -23,8 +23,8 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
 	namespace := event.GetNamespaceName()
 
 	objects := map[string]string{
-		"Pod":       pod,
-		"Namespace": namespace,
+		"pod":       pod,
+		"namespace": namespace,
 	}
 
 	parameters := action.GetParameters()

actionners/kubernetes/terminate/terminate.go

@@ -20,8 +20,8 @@ var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (
 	namespace := event.GetNamespaceName()
 
 	objects := map[string]string{
-		"Pod":       podName,
-		"Namespace": namespace,
+		"pod":       podName,
+		"namespace": namespace,
 	}
 
 	parameters := action.GetParameters()

notifiers/elasticsearch/elasticsearch.go

@@ -1,23 +1,30 @@
 package elasticsearch
 
 import (
+	"encoding/json"
 	"errors"
+	"fmt"
+	"strings"
 	"time"
 
 	"github.com/Issif/falco-talon/notifiers/http"
 	"github.com/Issif/falco-talon/utils"
 )
 
 type Settings struct {
-	CustomHeaders map[string]string `field:"custom_headers"`
-	URL           string            `field:"url"`
-	User          string            `field:"user"`
-	Password      string            `field:"password"`
-	Suffix        string            `field:"suffix" default:"daily"`
-	Index         string            `field:"index" default:"falco-talon"`
+	CustomHeaders       map[string]string `field:"custom_headers"`
+	URL                 string            `field:"url"`
+	User                string            `field:"user"`
+	Password            string            `field:"password"`
+	Suffix              string            `field:"suffix" default:"daily"`
+	CreateIndexTemplate bool              `field:"create_index_template" default:"true"`
+	NumberOfShards      int               `field:"number_of_shards" default:"3"`
+	NumberOfReplicas    int               `field:"number_of_replicas" default:"3"`
+	Index               string            `field:"index" default:"falco-talon"`
 }
 
 const docType string = "/_doc"
+const indexTemplate string = "/_index_template/falco-talon"
 
 var settings *Settings
 
@@ -27,6 +34,26 @@ var Init = func(fields map[string]interface{}) error {
 	if err := checkSettings(settings); err != nil {
 		return err
 	}
+	if settings.CreateIndexTemplate {
+		client := http.NewClient("GET", "", "", settings.CustomHeaders)
+		if settings.User != "" && settings.Password != "" {
+			client.SetBasicAuth(settings.User, settings.Password)
+		}
+		if err := client.Request(settings.URL+indexTemplate, nil); err != nil {
+			if err.Error() == "resource not found" {
+				client.SetHTTPMethod("PUT")
+				m := strings.ReplaceAll(mapping, "${SHARDS}", fmt.Sprintf("%v", settings.NumberOfShards))
+				m = strings.ReplaceAll(m, "${REPLICAS}", fmt.Sprintf("%v", settings.NumberOfReplicas))
+				j := make(map[string]interface{})
+				if err := json.Unmarshal([]byte(m), &j); err != nil {
+					return err
+				}
+				if err := client.Request(settings.URL+indexTemplate, j); err != nil {
+					return err
+				}
+			}
+		}
+	}
 	return nil
 }
 
@@ -49,7 +76,7 @@ var Notify = func(log utils.LogLine) error {
 
 	log.Time = time.Now().Format(time.RFC3339)
 
-	if err := client.Post(u, log); err != nil {
+	if err := client.Request(u, log); err != nil {
 		return err
 	}
 
@@ -60,6 +87,12 @@ func checkSettings(settings *Settings) error {
 	if settings.URL == "" {
 		return errors.New("wrong `url` setting")
 	}
+	if settings.NumberOfShards < 1 {
+		return errors.New("wrong `number_of_shards` setting")
+	}
+	if settings.NumberOfReplicas < 1 {
+		return errors.New("wrong `number_of_replcicas` setting")
+	}
 
 	if err := http.CheckURL(settings.URL); err != nil {
 		return err