Hello, I'm trying to initialize Security Endpoint on Linux Ubuntu 20.04.4 LTS. After that I had 13 problems, for example: "Configure File Events Failure enabling file events; current state is disabled". I tried to diagnose the problem and found:
- ./elastic-agent status
Status: DEGRADED
Message: app endpoint-security--8.4.2-8ff7857f: Protecting with policy {3de02602-0086-4935-99c7-13141468ea06}
Applications:
* filebeat (HEALTHY)
Running
* filebeat_monitoring (HEALTHY)
Running
* metricbeat_monitoring (HEALTHY)
Running
* endpoint-security (DEGRADED)
Protecting with policy {3de02602-0086-4935-99c7-13141468ea06}
* metricbeat (HEALTHY)
Running
- ./elastic-agent diagnostics
* name: endpoint-security route_key: default
error: Get "http://unix/": dial unix /opt/Elastic/Agent/data/tmp/default/endpoint-security/endpoint-security.sock: connect: no such file or directory
- Logs from: cat endpoint-000000.log | grep error
{"@timestamp":"2022-10-12T07:35:37.084461884Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":312,"name":"SystemLib.cpp"}}},"message":"SystemLib.cpp:312 Failed to stat device [/dev/loop3]","process":{"pid":1352223,"thread":{"id":1352223}}}
{"@timestamp":"2022-10-12T07:35:37.08508799Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":312,"name":"SystemLib.cpp"}}},"message":"SystemLib.cpp:312 Failed to stat device [/dev/loop3]","process":{"pid":1352223,"thread":{"id":1352223}}}
{"@timestamp":"2022-10-12T07:35:37.090775618Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":2876,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:2876 Failed to download artifact diagnostic-configuration-v1 - Invalid url","process":{"pid":1352223,"thread":{"id":1352223}}}
{"@timestamp":"2022-10-12T07:35:37.090803332Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":646,"name":"Artifacts.cpp"}}},"message":"Artifacts.cpp:646 Artifact diagnostic-configuration-v1 download or verification failed","process":{"pid":1352223,"thread":{"id":1352223}}}
{"@timestamp":"2022-10-12T07:35:37.114191714Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":240,"name":"Tux_HostIsolation.cpp"}}},"message":"Tux_HostIsolation.cpp:240 Failed to mount bpf fs at /sys/fs/bpf: error 13","process":{"pid":1352223,"thread":{"id":1352235}}}
{"@timestamp":"2022-10-12T07:35:37.115493153Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"info","origin":{"file":{"line":106,"name":"Internal.cpp"}}},"message":"Internal.cpp:106 sqlite3_prepare_v2 failed: rc=1, msg=SQL logic error","process":{"pid":1352223,"thread":{"id":1352223}}}
{"@timestamp":"2022-10-12T07:35:37.163894839Z","agent":{"id":"00000000-0000-0000-0000-000000000000","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":431,"name":"Comms.cpp"}}},"message":"Comms.cpp:431 No valid comms client configured","process":{"pid":1352223,"thread":{"id":1352223}}}
{"@timestamp":"2022-10-12T07:36:00.957014714Z","agent":{"id":"f1431890-4d3a-42dc-b8f1-44693292530a","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":2138,"name":"Config.cpp"}}},"message":"Config.cpp:2138 Initial configuration application failed","process":{"pid":1352223,"thread":{"id":1352305}}}
{"@timestamp":"2022-10-12T07:36:00.957748606Z","agent":{"id":"f1431890-4d3a-42dc-b8f1-44693292530a","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":288,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:288 Failed to apply new policy from Agent.","process":{"pid":1352223,"thread":{"id":1352305}}}
{"@timestamp":"2022-10-12T07:40:39.004336797Z","agent":{"id":"f1431890-4d3a-42dc-b8f1-44693292530a","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":2145,"name":"Config.cpp"}}},"message":"Config.cpp:2145 Policy failed to apply and rollback is disabled","process":{"pid":1352223,"thread":{"id":1352232}}}
{"@timestamp":"2022-10-12T07:49:33.659408762Z","agent":{"id":"f1431890-4d3a-42dc-b8f1-44693292530a","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":2145,"name":"Config.cpp"}}},"message":"Config.cpp:2145 Policy failed to apply and rollback is disabled","process":{"pid":1352223,"thread":{"id":1352305}}}
{"@timestamp":"2022-10-12T07:49:33.661166658Z","agent":{"id":"f1431890-4d3a-42dc-b8f1-44693292530a","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":288,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:288 Failed to apply new policy from Agent.","process":{"pid":1352223,"thread":{"id":1352305}}}