Agent sends wrong log level to Endpoint

[ferullo]

In this issue, @muskangulati-qasource found that on a Windows 7 machine Endpoint was being sent a configuration from Agentthat set the log level to the string "".

Below are key facts from the original comment for the bug.

fleet.yml contains the below content

agent:
  id: 381cc1b0-f772-4a0f-bd20-925610b7d783
  logging.level: info
  monitoring.http:
    enabled: false
    host: ""
    port: 6791
fleet:
  enabled: true
  access_api_key: <redacted>
  protocol: http
  host: <redacted>
  hosts:
  - https://<redacted>
  timeout: 5m0s
  ssl:
    verification_mode: none
    renegotiation: never
  reporting:
    threshold: 10000
    check_frequency_sec: 30
  agent:
    id: ""

elastic-endpoint.yaml's fleet section is below. Notice that the logging level is "". There is no reason this would be changed by Endpoint after its received by Agent. Endpoint just accepts the config and saves the whole thing without modification.

fleet:
  access_api_key: <redacted>
  agent:
    id: 381cc1b0-f772-4a0f-bd20-925610b7d783
    logging:
      level: ""
    monitoring:
      http:
        enabled: false
        host: ""
        port: 6791
  enabled: true
  host:
    id: 5064b7d5-80c5-4eff-aeaf-06e85448a222
  hosts:
  - <redacted>
  protocol: https
  reporting:
    check_frequency_sec: 30
    threshold: 10000
  ssl:
    renegotiation: never
    verification_mode: none
  timeout: 5m0s

For confirmed bugs, please report:

• Version: 7.13.0 BC3
• Operating System: Windows 7
• Discuss Forum URL: N/A
• Steps to Reproduce: Install Endpoint. No other steps were reported having been taken.

[elasticmachine]

Pinging @elastic/agent (Team:Agent)

[EricDavisX]

@dikshachauhan-qasource @amolnater-qasource can you help confirm this on Windows 10 and another Win 7 host at a minimum? It will help to know if it is specific to the OS, and you can inspect the elastic-endpoint.yaml's fleet section as noted above to see what is set on the file system.

[dikshachauhan-qasource]

Hi @EricDavisX

We have validated this issue and able to reproduce on Win 7 machine using Kibana 7.13 BC9 build.

BUILD 40865
COMMIT 9863e88bd63ad546b9d36e6b0c0c55cb65dd9081
https://staging.elastic.co/7.13.0-c04b1ebc/summary-7.13.0.html

Also validated on win10 and windows 8.1 and found working fine there.

Further, on installing agent with endpoint on win7 machine has following behavior:

• Agent logs got generated:
  elastic-agent_logs.txt
• Endpoint folder was available at host.
• Logging level was blank. elastic endpoint YAML file: elastic-endpoint[win7].txt
• Host was visible under Admin tab with policy status as failure.
  
• After changing agent logging level, restarted the host and, policy status gets updated on Admin tab.
  

Please let us know if anything else is required.

Thanks
QAS

[michalpristas]

@dikshachauhan-qasource can we plan on retesting this one?

[dikshachauhan-qasource]

Hi @michalpristas

I have revalidated this issue on windows 7 at latest 7.14 snapshot build and found it Fixed.

Observations made:

• Agent logs got generated under agent logs tab.
• Endpoint folder was available at host.
• Logging level was set to debug. elastic endpoint YAML file: elastic-endpoint[win7].txt
• Host was visible under Admin tab with policy status as failure.
• After few minutes it got updated to success under Admin tab.

Screenshot:

Build details:

BUILD 41559
COMMIT 9838db392e7fcfc12f004b68fb1b09739f131148

Please let us know if anything else is required.

Thanks
QAS

[michalpristas]

thanks @dikshachauhan-qasource
@EricDavisX can we close this one then