Hi, I'm running fleet-managed Elastic Agent on Elastic 7.15.1. I have multiple agents running on Linux and Windows endpoints. All agents are showing as healthy. On both Linux and Windows, the custom certificate is added to the system's trusted CA repository.
For encrypting traffic, I followed the documentation: https://www.elastic.co/guide/en/fleet/current/secure-connections.html
Scenario 1: No certificate added using "ssl.certificate_authorities" under "Fleet Settings" in Kibana.
- Elastic Agents running on Linux are successfully ingesting data, but not the Windows ones.
Scenario 2: Following this post: https://discuss.elastic.co/t/possible-bug-with-elastic-agent-ca-certificate-checks/267253, I added the certificate under "ssl.certificate_authorities" in "Fleet Settings".
- After doing so, I started receiving logs from the Windows endpoints as well, but the ingestion rate for Linux dropped to less than half. The Elastic Agent running on Linux is using the Palo Alto (syslog) integration.
Can someone please help me understand what could be the potential cause behind this behavior? Second, I recently rotated the custom cert on all nodes; before the rotation, all Elastic Agents (Windows and Linux) were healthy and sending logs without the certificate being provided under Fleet Settings "ssl.certificate_authorities".