[system]: On Windows extra agentbeat is started

[leehinman]

Integration Name

System [system]

Dataset Name

auth

Integration Version

2.7.2

Agent Version

9.3.0

Agent Output Type

elasticsearch

Elasticsearch Version

9.3.0-SNAPSHOT

OS Version and Architecture

Windows 11

Software/API Version

No response

Error Message

No response

Event Original

No response

What did you do?

Install system integration, all default configuration

What did you see?

one agentbeat is started and it is configured to read from '/var/log'. This is just taking up extra resources on a Windows host since all the "log files" will be read from the windows event log

What did you expect to see?

agentbeat reading windows events and agentbeat reading metrics.

Anything else?

The condition here:

integrations/packages/system/manifest.yml

Lines 51 to 64 in bb632b7

	- type: logfile
	title: Collect logs from System instances
	description: Collecting System auth and syslog logs from files
	vars:
	- name: condition
	title: Condition
	description: |
	Condition to filter when to apply this input. Refer to
	[Host provider](https://www.elastic.co/guide/en/fleet/current/host-provider.html)
	to find the available keys and to
	[Conditions](https://www.elastic.co/guide/en/fleet/current/dynamic-input-configuration.html#conditions)
	on how to use the available keys in conditions. It defaults to
	'${host.os_version} != "12 (bookworm)" and ${host.os_version} != "13 (trixie)" and (${host.os_platform} != "amzn" or ${host.os_version} != "2023") and (${host.os_platform} != "sles" and ${host.os_version} != "15 SP1"
	and ${host.os_version} != "15 SP2" and ${host.os_version} != "15 SP3" and ${host.os_version} != "15 SP4" and ${host.os_version} != "15 SP5" and ${host.os_version} != "15 SP6" and ${host.os_version} != "15 SP7")'

allows this to run on Windows hosts, and it shouldn't.

[elasticmachine]

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)