elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations
Other
41 stars 453 forks source link

File Integrity Monitoring | Input not supported Error #8426

Open JustAEngineer opened 1 year ago

JustAEngineer commented 1 year ago
Elastic Agent: v8.8.2
File Integrity Monitoring: v1.8.0
Host OS Version: Ubuntu 22.04.3

As stated in the title, once I have the FIM integration added to the policy, agent state turned to "Unhealthy" and input log shows "input not supported" error. I have tried it with and without any other integrations (OSquery and System). Does not seem like a conflict issue.

Error messages:

[elastic_agent][info] Updating running component model
[elastic_agent][info] Unit state changed osquery-default-random-hash (HEALTHY->CONFIGURING): Configuring
[elastic_agent][info] Unit state changed log-default-logfile-system-random-hash (HEALTHY->CONFIGURING): Configuring
[elastic_agent][error] Spawned new component audit/file_integrity-default: input not supported
[elastic_agent][error] Spawned new unit audit/file_integrity-default-audit/file_integrity-fim-random-hash: input not supported
[elastic_agent][error] Spawned new unit audit/file_integrity-default: input not supported
elasticmachine commented 10 months ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

andrewkroh commented 10 months ago

I don't recall any past issues with Elastic Agent and that input. I tested using 8.11.3 just now and there were no issues starting the input. Recommend trying to reproduce the issue with the latest Elastic Agent.