State of endpoint-security is logged every 20 seconds

@crowens Can you add elastic agent logs and endpoint logs?
Pinging @elastic/ingest-management (Team:Ingest Management)
Agent logs.
elastic-agent-json.log
Endpoint logs.
endpoint-000000.log
All I did was install the agent with the Default config (added endpoint).
Versions:
agent:
christopher_owens@crowens-linux-stack-take3:~/elastic-agent-7.9.0-linux-x86_64$ ./elastic-agent version
Agent version is 7.9.0 (build: d5778cc3044511d202ea5eed214629030516d1a8 at 2020-07-16 18:24:30 +0000 UTC)
Endpoint:
christopher_owens@crowens-linux-stack-take3:~/elastic-agent-7.9.0-linux-x86_64$ sudo /opt/Elastic/Endpoint/elasticendpoint version
version: 7.9.0, compiled: Wed Jul 15 00:25:54 2020, branch: 7.9, commit: ab6ca90c49f8576e62a2bc5bb480cc8bf400a5d8
@blakerouse @ferullo - this may be related to the health check payload that includes the policy information?
@michaelolo24 Yes I believe so. I am debugging it, it's either the payload keeps changing on Endpoint side, or the Agent is determining that it changed incorrectly.
The payload probably does keep changing. It includes some performance metrics on Endpoint (CPU use, memory use).
What should we do? I see three options:
> The payload probably does keep changing. It includes some performance metrics on Endpoint (CPU use, memory use).
> What should we do? I see three options:
> - Some Agent logic to only send it sometimes. This feels wrong.

Yes this feels wrong, Agent should not need special logic for Endpoint in this regard.

> - Endpoint sends the _same_ payload each time (i.e. reports out of date metrics) except when Endpoint wants to push through an update.

This would be acceptable and probably the best.

> - Endpoint sends _no_ payload except for when it wants to send updates.

This is also okay but will result in 2 payloads being sent. The first one with the payload and then on the next status message with no payload (to Agent that is a change).
@blakerouse the issue is on Endpoint side, could we close this?
FWIW, this has been fixed in Endpoint. I went with option 2.
Yes closing this on the Endpoint side.
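
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not Elastic Agent or Endpoint code: a change detector that compares each status payload with the previous one, fed first with fresh metrics on every check and then with option 2 (the same payload until there is an update). The names `Payload`, `Tracker`, `Sender`, `Simulate` and the fields `policy_rev` and `cpu` are hypothetical.

```go
package main

import (
	"fmt"
	"reflect"
)

// Payload is a constructed stand-in for Endpoint's status payload (field names are assumptions).
type Payload map[string]interface{}

// Tracker plays the Agent side: a payload that differs from the previous one is a state change.
type Tracker struct {
	last    Payload
	Changes int
}

func (t *Tracker) Report(p Payload) {
	if !reflect.DeepEqual(t.last, p) {
		t.Changes++ // this is the point where a state line would be logged
	}
	t.last = p
}

// Sender plays the Endpoint side; Stable re-sends the cached payload until the policy revision changes.
type Sender struct {
	Stable bool
	cached Payload
}

func (s *Sender) Next(rev int, cpu float64) Payload {
	if s.Stable && s.cached != nil && s.cached["policy_rev"] == rev {
		return s.cached // option 2: out-of-date metrics, identical payload
	}
	s.cached = Payload{"policy_rev": rev, "cpu": cpu}
	return s.cached
}

// Simulate runs one status check per entry in revs with CPU use drifting each time.
func Simulate(stable bool, revs []int) int {
	s, t := &Sender{Stable: stable}, &Tracker{}
	for i, rev := range revs {
		t.Report(s.Next(rev, 1.0+0.1*float64(i)))
	}
	return t.Changes
}

func main() {
	revs := []int{1, 1, 1, 2, 2, 2} // constructed input: one policy update at the fourth check
	fmt.Println(Simulate(false, revs), Simulate(true, revs)) // 6 2
}
```

With fresh metrics every check is seen as a change; with the stable payload only the initial report and the policy update are.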