elastic / elastic-agent

Elastic Agent - single, unified way to add monitoring for logs, metrics, and other types of data to a host.

Add a "test output" command #2614

Open AndersonQ opened 1 year ago

AndersonQ commented 1 year ago

Describe the enhancement:

Add a command for the agent which would test all the connections the agent makes:

The output of the command would be the config used for each connection such as the address, proxy, any special SSL setting and so on, and the result of the request, the HTTP status and any error, if any.

Similar to the beats test output command.

It could also be part of the diagnostic bundle.

Another further enhancement would be to have traceroute-like information, there are a few Go implementations for that:

Describe a specific use case for the enhancement or feature:

As the agent allows configuring different proxies for fleet-server, the ES output and a global one, and our users have all sorts of network setups, it's often questioned if the proxy or any other connection config was properly done. Having such a command would help to identify any issues.

What is the definition of done?

An installed agent on any OS successfully runs a test output command and the information provided clearly shows how the connection to fleet-server, ES (or other) output and artefacts-api is done, which configs are used, and if those connections are successfully established, or the error, if any.
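A sketch of the per-connection check requested above, added here as an illustration; it is not part of the issue and not elastic-agent code. The names `Target`, `Probe` and `Report` are hypothetical, and it assumes the report should also show whether TLS verification is on and should redact proxy passwords.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// Target is one connection to test (hypothetical type, not elastic-agent's own).
type Target struct {
	Name, URL, ProxyURL string
	InsecureSkipVerify  bool
}

// Probe issues one GET using only the target's own proxy and TLS settings; status is 0 on error.
func Probe(t Target, timeout time.Duration) (int, error) {
	tr := &http.Transport{DisableKeepAlives: true, TLSClientConfig: &tls.Config{InsecureSkipVerify: t.InsecureSkipVerify}}
	if t.ProxyURL != "" { // a nil Proxy func means a direct connection, environment ignored
		p, err := url.Parse(t.ProxyURL)
		if err != nil {
			return 0, fmt.Errorf("invalid proxy URL: %w", err)
		}
		tr.Proxy = http.ProxyURL(p)
	}
	resp, err := (&http.Client{Transport: tr, Timeout: timeout}).Get(t.URL)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

// Report renders the effective config and the result; proxy passwords are redacted.
func Report(t Target, status int, err error) string {
	proxy := "none"
	if u, perr := url.Parse(t.ProxyURL); perr != nil {
		proxy = "invalid"
	} else if t.ProxyURL != "" {
		proxy = u.Redacted()
	}
	return fmt.Sprintf("%s: url=%s proxy=%s tls_verify=%t status=%d err=%v", t.Name, t.URL, proxy, !t.InsecureSkipVerify, status, err)
}

func main() {
	t := Target{Name: "fleet-server", URL: "http://127.0.0.1:1/api/status"} // constructed; nothing listens here
	status, err := Probe(t, 2*time.Second)
	fmt.Println(Report(t, status, err))
}
```

A status such as 407 returned by the proxy is reported as a status, not an error, which separates a proxy that rejects the request from one that cannot be reached at all.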

cmacknz commented 1 year ago

One complexity to this is that the agent is a supervisor. Even if the agent process itself can reach the output with the configuration provided, that does not guarantee that each of the sub-processes can with the same configuration. It could be possible for the agent to be able to reach Fleet or Elasticsearch but not Elastic Defend.

cmacknz commented 1 year ago

I should note that today Elastic Defend contacts each of Fleet Server, the Artifacts API, and the data output (Elasticsearch, Logstash, etc) independently of the agent.

AndersonQ commented 1 year ago

> One complexity to this is that the agent is a supervisor. Even if the agent process itself can reach the output with the configuration provided, that does not guarantee that each of the sub-processes can with the same configuration. It could be possible for the agent to be able to reach Fleet or Elasticsearch but not Elastic Defend.

Agreed, ideally all the components would do the same, perhaps the agent's test output could take a flag `--include-components` and the agent would request the components to do the same test.

Of course it either means the agent would call it on every component or send an action