Elastic Agent incorrectly logging items under ERROR #4160

Closed
jvalente-salemstate opened this issue Jan 30, 2024 · 1 comment
Labels
bug Something isn't working


jvalente-salemstate commented Jan 30, 2024

While troubleshooting an issue with Elastic Defend, and monitoring during installation of the integration, I am seeing that elastic_agent (all seemingly in runtime_service_command.go) is incorrectly logging other log levels as error.

See below, columns are timestamp, data_stream.dataset, log.origin.file.name, log.level, message

2024-01-25 @ 22:19:18.520	elastic_agent	runtime/service_command.go	error	2024-01-26 03:19:18: info: InstallLib.cpp:516 Failed to uninistall with preserved state, attempting full uninstall
2024-01-25 @ 22:19:18.520	elastic_agent	runtime/service_command.go	error	2024-01-26 03:19:18: debug: Service.cpp:804 PPL is supported. This process is unprotected. (TrustLevelSid: absent)
2024-01-25 @ 22:19:18.521	elastic_agent	runtime/service_command.go	error	2024-01-26 03:19:18: warning: Service.cpp:82 Service ElasticEndpoint does not exist
2024-01-25 @ 22:19:18.521	elastic_agent	runtime/service_command.go	error	2024-01-26 03:19:18: warning: Service.cpp:82 Service ElasticEndpointDriver does not exist
2024-01-25 @ 22:19:18.522	elastic_agent	runtime/service_command.go	error	2024-01-26 03:19:18: error: Service.cpp:360 Failed acquiring service handle (ElasticEndpointDriver) with error: Not found and GLE: 1060
2024-01-25 @ 22:19:20.470	elastic_agent	runtime/service_command.go	error	2024-01-26 03:19:20: info: Internal.cpp:413 Writing installation file: C:\Program Files\Elastic\Endpoint\NOTICE.txt
2024-01-25 @ 22:19:39.947	elastic_agent.endpoint_security	AgentContext.cpp	warning	AgentContext.cpp:478 Endpoint is setting status to STARTING, reason: Policy Application Status
2024-01-25 @ 22:19:39.982	elastic_agent.endpoint_security	Certificates.cpp	warning	Certificates.cpp:196 Skipping store location 327680
2024-01-25 @ 22:19:59.954	elastic_agent.endpoint_security	AgentContext.cpp	warning	AgentContext.cpp:478 Endpoint is setting status to CONFIGURING, reason: Policy Application Status

Examples from Defend's installation are included at the bottom as examples of where the level is working.
The message in the elastic_agent messages has various levels such as warning, info, and error, but they're all being logged as error.

  • Agent Version: 8.12.0
  • Elastic Agent Integration: v1.18.0
  • Elastic Defend Integration: 8.12.0 (I've since installed 8.12.1-preview.0 but after the above logs were generated)
@jvalente-salemstate jvalente-salemstate added the bug Something isn't working label Jan 30, 2024
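
The mismatch reported above can be checked mechanically. The following is an added example, not part of the issue and not Elastic Agent code: it compares the recorded `log.level` with the level embedded in the message for rows from `runtime/service_command.go`. The rows are copied from the report; the function names and the tab-separated export layout are assumptions.

```python
import re

# Prefix seen inside the affected messages: "2024-01-26 03:19:18: info: ..."
EMBEDDED = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}: (debug|info|warning|error): ")
ORIGIN = "runtime/service_command.go"  # log.origin.file.name named in the report

# Rows copied from the report above. Columns: timestamp, data_stream.dataset,
# log.origin.file.name, log.level, message (assumed tab-separated on export).
ROWS = [
    ("2024-01-25 @ 22:19:18.520", "elastic_agent", ORIGIN, "error",
     "2024-01-26 03:19:18: info: InstallLib.cpp:516 Failed to uninistall "
     "with preserved state, attempting full uninstall"),
    ("2024-01-25 @ 22:19:18.520", "elastic_agent", ORIGIN, "error",
     "2024-01-26 03:19:18: debug: Service.cpp:804 PPL is supported. "
     "This process is unprotected. (TrustLevelSid: absent)"),
    ("2024-01-25 @ 22:19:18.521", "elastic_agent", ORIGIN, "error",
     "2024-01-26 03:19:18: warning: Service.cpp:82 Service ElasticEndpoint "
     "does not exist"),
    ("2024-01-25 @ 22:19:18.522", "elastic_agent", ORIGIN, "error",
     "2024-01-26 03:19:18: error: Service.cpp:360 Failed acquiring service "
     "handle (ElasticEndpointDriver) with error: Not found and GLE: 1060"),
    ("2024-01-25 @ 22:19:39.982", "elastic_agent.endpoint_security",
     "Certificates.cpp", "warning",
     "Certificates.cpp:196 Skipping store location 327680"),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

def effective_level(row):
    """Return (recorded, effective) levels for one row, or None if malformed."""
    parts = row.split("\t", 4)
    if len(parts) != 5:
        return None
    _, _, origin, recorded, message = parts
    match = EMBEDDED.match(message)
    # Only rows from the affected origin are re-levelled; other datasets
    # already carry their own level and have no embedded prefix.
    if match and origin == ORIGIN:
        return recorded, match.group(1)
    return recorded, recorded

def mislabelled(text):
    """List (timestamp, recorded, effective) where the two levels disagree."""
    found = []
    for row in text.splitlines():
        levels = effective_level(row)
        if levels and levels[0] != levels[1]:
            found.append((row.split("\t", 1)[0], *levels))
    return found

if __name__ == "__main__":
    for ts, recorded, effective in mislabelled(SAMPLE):
        print(f"{ts}  log.level={recorded}  message says {effective}")
```

The genuine `error` row and the `elastic_agent.endpoint_security` row are left alone; only the rows whose embedded level differs from the recorded one are reported.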
Member

cmacknz commented Jan 30, 2024

Thanks, duplicate of #2850.

@cmacknz cmacknz closed this as completed Jan 30, 2024