[Elastic Agent] Allow the agent to collect and send the log of endpoint. #21796
Comments
|
Pinging @elastic/ingest-management (Team:Ingest Management) |
ph
changed the title
|
Endpoint logs are in ECS JSON. They're placed in |
|
I think we should standardise on where each process writes the logs so Agent only needs to check in one place. This might be already the case but @blakerouse will know more. |
|
Endpoint can move where it writes logs if that would be useful to Agent. As long as Agent is always installed when Endpoint is (I think that's true but an not positive on the update scenario) it seems easy enough for Endpoint to just write logs into an Agent directory. If a decision for a unified logging directory is made, just let the Endpoint team know and we'll make the change. |
|
++ on unifying the logging directory and probably best also the format and basic content (what fields are the minimal requirement). @blakerouse @michalpristas Could you define this? |
|
Being that Agent installs Endpoint into its own installation directory, I think it would be better to have Endpoint place the logs in its own directory. I think its weird to place it inside of Elastic Agent directory, being it is not a direct subprocess of Agent. |
|
We still need to define the log format / minimal content? |
|
Hi @EricDavisX We have updated 01 test case and created 01 testcase for this ticket and test cases link are as follows: Please let us know if anything else if required to cover. Thanks |
We need to add support for collecting endpoint logs and send them to the following data_stream:
logs-elastic_agent.endpoint-{namespace}with no configured namespace it will belogs-elastic_agent.endpoint-default.@ferullo Are you writing JSON formatted logs or using only plaintext?
The text was updated successfully, but these errors were encountered: