diff --git a/files/configuration/pdnssoccli/pdnssoccli.cron b/files/configuration/pdnssoccli/pdnssoccli.cron
index 22a83ea..8058387 100644
--- a/files/configuration/pdnssoccli/pdnssoccli.cron
+++ b/files/configuration/pdnssoccli/pdnssoccli.cron
@@ -1,8 +1,8 @@
-# Run fetch_iocs every 10 minutes
-*/10 * * * * dnscollector /usr/local/bin/pdnssoc-cli fetch-iocs -c /etc/pdnssoccli/pdnssoccli.yml
+# Run fetch_iocs every 1 minute
+* * * * * root (pdnssoc-cli fetch-iocs && /bin/kill -SIGHUP $(cat /var/dnscollector/collector.pid)) >> /var/log/pdnssoc-cli-fetch-iocs.log 2>&1
 
-# Run correlation every 1 minute
-* * * * * dnscollector /usr/local/bin/pdnssoc-cli correlate -c /etc/pdnssoccli/pdnssoccli.yml
+# Run correlation & alert every 1 minute
+* * * * * root pdnssoc-cli correlate /var/dnscollector/matches >> /var/log/pdnssoc-cli-correlate.log 2>&1 && pdnssoc-cli alert /var/dnscollector/alerts/ >> /var/log/pdnssoc-cli-alert.log 2>&1
 
-# Run alerting every 1 minute
-* * * * * dnscollector /usr/local/bin/pdnssoc-cli alert -c /etc/pdnssoccli/pdnssoccli.yml
+# Retro-active searches every hour, if the system is not overloaded
+5 * * * * root ([ $(awk '{print $1}' /proc/loadavg) \< 0.5 ] && pdnssoc-cli correlate --retro_disco_lookup /var/dnscollector/queries/) >> /var/log/pdnssoc-cli-retro.log 2>&1
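Review bot: The added entries call `pdnssoc-cli` without the `/usr/local/bin/` prefix the removed lines used, and cron runs jobs with a minimal default PATH, so unless the binary is now installed on that PATH all four commands fail with "command not found" and the only trace is in the log files; keep the absolute path or add `PATH=/usr/local/bin:/usr/bin:/bin` at the top of the cron file. The jobs also move from the `dnscollector` user to `root`, and the first line has root send SIGHUP to whatever PID it reads from `/var/dnscollector/collector.pid`; if that file is writable by the collector account, a compromise of that account lets it make root signal an arbitrary process (and an empty file turns the command into a bare `kill -SIGHUP` that just errors), so either keep the jobs under `dnscollector` or let the collector service own its reload. In the last line, `[ … \< 0.5 ]` is a lexical string comparison in bash's `[`, and I believe dash's `test` does not accept `<` at all, in which case the retro job under a dash `/bin/sh` would silently never run; `awk '$1 < 0.5 {exit 0} {exit 1}' /proc/loadavg && pdnssoc-cli correlate …` does a numeric comparison portably.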