Integrate Elastic Endpoint's log output and available stats into Elastic Agent 'diagnostic' collection #105

EricDavisX · 2021-12-13T16:11:29Z

Describe the enhancement:
would like the Elastic Agent to automatically be able to collect Endpoint logs and any configuration or state that is useful during debugging, when the 'diagnostic' call is made at cli.

Describe a specific use case for the enhancement or feature:
Refer to the Agent's implementation Documentation ticket that started the discussion:
elastic/observability-docs#1284 (comment)

We have confirmed that Beats and OSQuery logs are collected, but that Endpoint is not, when the Agent's 'diagnostic' cli usage is invoked. We can discourse various levels of effort and cost-value proposition here.

Lowest effort / value: on Agent side when invoked Agent can at least note that no Endpoint logs are collected and maybe point to the Endpoint doc's for ref.
higher value / more effort (how much is TBD): Have Agent actually include Endpoint's logs in its collection process. The tools to do this are presumably / believed written, but it would need adjustment on Agent side to take in the log location after getting it sent in automatically (at started up?) or calling out to Endpoint to get it.

This is for the Agent side work, Endpoint will have a separate ticket logged to track, and I'll like back.
This was discussed in email/slack first and I'm transferring it here for tracking.

elasticmachine · 2021-12-13T16:11:30Z

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

jlind23 · 2022-01-13T15:21:13Z

@AndersonQ @lykkin can one of you take this one as soon as the 8.2 start?

AndersonQ · 2022-01-13T15:24:54Z

I could take it :)

amolnater-qasource · 2022-06-30T09:14:50Z

Hi Team
We have revalidated this issue on 8.3.1 BC1 Kibana cloud-staging environment and found it fixed now.

sudo elastic-agent diagnostics collect now collects elastic agent and endpoint security logs.

Screenshot:

Logs:
elastic-agent-diagnostics-2022-06-30T09-06-31Z-00.zip

Build details:
BUILD: 53549
COMMIT: a4f8dc60edb19553f16c166ea79c83c16572897a

Hence marking this as QA:Validated.
Thanks

EricDavisX added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Dec 13, 2021

jlind23 added the debugging label Dec 13, 2021

jlind23 mentioned this issue Dec 13, 2021

[Elastic Agent] Improve Elastic Agent debuggability elastic/beats#26930

Open

30 tasks

jlind23 added the 8.2-candidate label Dec 15, 2021

jlind23 added the good first issue Good for newcomers label Jan 13, 2022

jlind23 added v8.2.0 and removed 8.2-candidate labels Jan 28, 2022

jlind23 assigned AndersonQ Jan 28, 2022

jlind23 transferred this issue from elastic/beats Mar 7, 2022

AndersonQ mentioned this issue Mar 23, 2022

Collect Endpoint Security logs on elastic-agent diagnostics collect command #242

Merged

jlind23 added v8.3.0 and removed v8.2.0 labels Apr 12, 2022

AndersonQ closed this as completed in #242 Apr 20, 2022

amolnater-qasource added the QA:Validated Validated by the QA Team label Jun 30, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Integrate Elastic Endpoint's log output and available stats into Elastic Agent 'diagnostic' collection #105

Integrate Elastic Endpoint's log output and available stats into Elastic Agent 'diagnostic' collection #105

EricDavisX commented Dec 13, 2021

elasticmachine commented Dec 13, 2021

jlind23 commented Jan 13, 2022

AndersonQ commented Jan 13, 2022

amolnater-qasource commented Jun 30, 2022

Integrate Elastic Endpoint's log output and available stats into Elastic Agent 'diagnostic' collection #105

Integrate Elastic Endpoint's log output and available stats into Elastic Agent 'diagnostic' collection #105

Comments

EricDavisX commented Dec 13, 2021

elasticmachine commented Dec 13, 2021

jlind23 commented Jan 13, 2022

AndersonQ commented Jan 13, 2022

amolnater-qasource commented Jun 30, 2022