elasticmachine
commented
1 week ago Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
Open amolnater-qasource opened 1 week ago
elasticmachine
commented
1 week ago Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
amolnater-qasource
commented
1 week ago @muskangulati-qasource Please review.
muskangulati-qasource
commented
1 week ago Secondary review is done for this ticket!
cmacknz
commented
1 week ago I see this is privileged/admin agent looking in agent-info.yaml:
agent_id: 881c5687-32af-4bf9-b62f-4b74f2f688ec
headers: {}
log_level: info
snapshot: true
unprivileged: false
version: 8.16.0
Also that this is coming from the winlog input. Tagging @nfritts and @elastic/sec-windows-platform.
input-winlog-default-winlog-windows-4ea5f67a-48fc-41ea-b586-2a29eac6423a:
message: 'Encountered channel not found error when opening Windows Event Log: The specified channel could not be found.'
payload:
streams:
winlog-windows.forwarded-4ea5f67a-48fc-41ea-b586-2a29eac6423a:
error: ""
status: HEALTHY
winlog-windows.powershell-4ea5f67a-48fc-41ea-b586-2a29eac6423a:
error: ""
status: HEALTHY
winlog-windows.powershell_operational-4ea5f67a-48fc-41ea-b586-2a29eac6423a:
error: ""
status: HEALTHY
winlog-windows.sysmon_operational-4ea5f67a-48fc-41ea-b586-2a29eac6423a:
error: 'Encountered channel not found error when opening Windows Event Log: The specified channel could not be found.'
status: DEGRADED
Kibana Build details:
Artifact: https://snapshots.elastic.co/8.16.0-39df64b4/downloads/beats/elastic-agent/elastic-agent-8.16.0-SNAPSHOT-windows-x86_64.zip
Host: Windows Server 2022- Test Signing ON
Preconditions:
Steps to reproduce:
Encountered channel not found errorExpected Result: No error should be displayed on adding Windows integration to the Windows agent.
Logs: elastic-agent-diagnostics-2024-10-09T06-48-15Z-00.zip
Screenshots:
