Elastic Agent stopped sending certain data streams

Elastic Security Endpoint Security
1

Hi,

I have deployed the agent along with the windows intergration. As part of this I wanted to collect Powershell logs.
This was working fine however at 20:31:49.750 yestarday I received my last powershell log on the "windows.powershell" data.stream.

power
power1356×567 43.4 KB

No changes were made on the host side or for the elastic agent or policy. I can not find any explanation or error codes around this.

I have also taken a look at a seperate instance and it seems that the same has occured there i.e. the data stream was up and functioning and after a certain point no more powershell logs have been shipped.

Can anyone advise on where to look for an explanation for this and a potential fix ?

Thanks in advance.

2

Hi there,
Is it just this one stream that has stopped shipping, or has everything from that particular host also stopping coming in?

3

Hi @finbarr996 ,

The I am still getting other streams from the device, the local Powershell logs are also still being crated on the host.

Luke

4

Okay - sorry, in that case I can't assist, it's beyond my skill level.
If you do figure out the answer, do please post it here.

Cheers,
John.

5

Hi @finbarr996 ,

no need to apologies, i appreciate you taking the time to ask the questions :slight_smile: .

6

For anyone who stumbles across this the issue seems to have been fixed by upgrading from 7.10.1 to 7.12.0 .

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.