
[Agent] Setting the Agent Log level in UI isn't being sent to Elastic-Security Endpoint yaml so it keeps logging at Info #23720

@EricDavisX


I'm testing with 7.11 BC5 that was compiled on Jan 26/27

  • I set up cloud-prod deploy of stack.
  • I install Agent with Default policy to Windows 2012, all works fine.
  • I set Agent to a new policy with Endpoint in it, all works fine - except I see some 'debug' error logs from Endpoint which Dan reports as expected, until Endpoint picks up the Agent log level after initial connection
  • I set the log level to 'error' and find a minute later it is respected by Agent, and Beats, but not by Endpoint. Endpoint continues to send Info+ level logs.

I pinged Ferullo and he requested the elastic-endpoint.yaml (attached in zip) which shows the log level is 'info' so it isn't getting updated by Agent.
yaml files:
yaml-files.zip

  • I have also attached the fleet and agent yaml files from the Agent folder.

excerpt of elastic-endpoint.yaml:

fleet:
  agent:
    id: b13f5240-60bb-11eb-afd7-b56fbe435287
    logging:
      level: info

screenshot:
error-and-warning-showing-in-logs

Is there a misunderstanding in the design? I'm not sure if this setting is updated only in the running memory of the Agent / Endpoint / Beats, because the Elastic Agent yaml has the level set to 'info' as well, which is consistent, but very confusing since it seems to be working.
