Update event logger output via Fleet

If Fleet sends an event logging output configuration different than the one that's running, save it to the encrypted store and re-exec the Elastic-Agent to use the new configuration.
belimawr · Jun 7, 2024 · f8544fb · f8544fb
1 parent 3f421c8
commit f8544fb
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 8 deletions.
diff --git a/internal/pkg/agent/application/actions/handlers/handler_action_policy_change.go b/internal/pkg/agent/application/actions/handlers/handler_action_policy_change.go
@@ -45,6 +45,7 @@ type PolicyChangeHandler struct {
 	ch                   chan coordinator.ConfigChange
 	setters              []actions.ClientSetter
 	policyLogLevelSetter logLevelSetter
+	coordinator          *coordinator.Coordinator
 	// Disabled for 8.8.0 release in order to limit the surface
 	// https://github.com/elastic/security-team/issues/6501
 	// // Last known valid signature validation key
@@ -59,6 +60,7 @@ func NewPolicyChangeHandler(
 	store storage.Store,
 	ch chan coordinator.ConfigChange,
 	policyLogLevelSetter logLevelSetter,
+	coordinator *coordinator.Coordinator,
 	setters ...actions.ClientSetter,
 ) *PolicyChangeHandler {
 	return &PolicyChangeHandler{
@@ -68,6 +70,7 @@ func NewPolicyChangeHandler(
 		store:                store,
 		ch:                   ch,
 		setters:              setters,
+		coordinator:          coordinator,
 		policyLogLevelSetter: policyLogLevelSetter,
 	}
 }
@@ -258,6 +261,11 @@ func (h *PolicyChangeHandler) handlePolicyChange(ctx context.Context, c *config.
 		h.config.Fleet.Client = *validatedConfig
 	}
 
+	loggingHasChanged := h.eventLoggingHasChanged(cfg)
+	if loggingHasChanged {
+		h.config.Settings.EventLoggingConfig = cfg.Settings.EventLoggingConfig
+	}
+
 	// persist configuration
 	err = saveConfig(h.agentInfo, h.config, h.store)
 	if err != nil {
@@ -270,9 +278,27 @@ func (h *PolicyChangeHandler) handlePolicyChange(ctx context.Context, c *config.
 		return fmt.Errorf("applying FleetClientConfig: %w", err)
 	}
 
+	if loggingHasChanged {
+		// The only way to update the logging configuration
+		// is to re-start the Elastic-Agent
+		h.coordinator.ReExec(nil)
+	}
+
 	return nil
 }
 
+// eventLoggingHasChanged returns true if the output of the event logger has changed
+func (p *PolicyChangeHandler) eventLoggingHasChangsed(new *configuration.Configuration) bool {
+	switch {
+	case p.config.Settings.EventLoggingConfig.ToFiles != new.Settings.EventLoggingConfig.ToFiles:
+		return true
+	case p.config.Settings.EventLoggingConfig.ToStderr != new.Settings.EventLoggingConfig.ToStderr:
+		return true
+	default:
+		return false
+	}
+}
+
 func validateLoggingConfig(cfg *config.Config) (*logger.Config, error) {
 
 	parsedConfig, err := configuration.NewPartialFromConfigNoDefaults(cfg)
@@ -394,12 +420,14 @@ func clientEqual(k1 remote.Config, k2 remote.Config) bool {
 func fleetToReader(agentID string, headers map[string]string, cfg *configuration.Configuration) (io.Reader, error) {
 	configToStore := map[string]interface{}{
 		"fleet": cfg.Fleet,
-		"agent": map[string]interface{}{
-			"id":               agentID,
-			"headers":          headers,
-			"logging.level":    cfg.Settings.LoggingConfig.Level,
-			"monitoring.http":  cfg.Settings.MonitoringConfig.HTTP,
-			"monitoring.pprof": cfg.Settings.MonitoringConfig.Pprof,
+		"agent": map[string]interface{}{ // Add event logging configuration here!
+			"id":                           agentID,
+			"headers":                      headers,
+			"logging.level":                cfg.Settings.LoggingConfig.Level,
+			"logging.event_data.to_files":  cfg.Settings.EventLoggingConfig.ToFiles,
+			"logging.event_data.to_stderr": cfg.Settings.EventLoggingConfig.ToStderr,
+			"monitoring.http":              cfg.Settings.MonitoringConfig.HTTP,
+			"monitoring.pprof":             cfg.Settings.MonitoringConfig.Pprof,
 		},
 	}
 

diff --git a/internal/pkg/agent/application/actions/handlers/handler_action_policy_change_test.go b/internal/pkg/agent/application/actions/handlers/handler_action_policy_change_test.go
@@ -53,7 +53,7 @@ func TestPolicyChange(t *testing.T) {
 
 		cfg := configuration.DefaultConfiguration()
 
-		handler := NewPolicyChangeHandler(log, agentInfo, cfg, nullStore, ch, noLogLevelSet(t))
+		handler := NewPolicyChangeHandler(log, agentInfo, cfg, nullStore, ch, noLogLevelSet(t), &coordinator.Coordinator{})
 
 		err := handler.Handle(context.Background(), action, ack)
 		require.NoError(t, err)
@@ -82,7 +82,7 @@ func TestPolicyAcked(t *testing.T) {
 		}
 
 		cfg := configuration.DefaultConfiguration()
-		handler := NewPolicyChangeHandler(log, agentInfo, cfg, nullStore, ch, noLogLevelSet(t))
+		handler := NewPolicyChangeHandler(log, agentInfo, cfg, nullStore, ch, noLogLevelSet(t), &coordinator.Coordinator{})
 
 		err := handler.Handle(context.Background(), action, tacker)
 		require.NoError(t, err)

diff --git a/internal/pkg/agent/application/managed_mode.go b/internal/pkg/agent/application/managed_mode.go
@@ -348,6 +348,7 @@ func (m *managedConfigManager) initDispatcher(canceller context.CancelFunc) *han
 		m.store,
 		m.ch,
 		settingsHandler,
+		m.coord,
 	)
 
 	m.dispatcher.MustRegister(