From 2d13bf1a61441f43ee14cfc33e495a32249e3d7c Mon Sep 17 00:00:00 2001
From: weslambert <wlambertts@gmail.com>
Date: Tue, 1 Aug 2023 14:40:12 -0400
Subject: [PATCH 1/5] Present logs to the host

---
 salt/elasticagent/enabled.sls | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/salt/elasticagent/enabled.sls b/salt/elasticagent/enabled.sls
index b133d94ab..bff4cee6b 100644
--- a/salt/elasticagent/enabled.sls
+++ b/salt/elasticagent/enabled.sls
@@ -33,6 +33,7 @@ so-elastic-agent:
         {% endif %}
     - binds:
       - /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
+      - /opt/so/log/elastic-agent:/usr/share/elastic-agent/logs
       - /etc/pki/tls/certs/intca.crt:/etc/pki/tls/certs/intca.crt:ro 
       - /nsm:/nsm:ro
       - /opt/so/log:/opt/so/log:ro
@@ -40,7 +41,8 @@ so-elastic-agent:
         {% for BIND in DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
       - {{ BIND }}
         {% endfor %}
-      {% endif %}      
+      {% endif %}
+      - LOGS_PATH=logs
     - environment:
       - FLEET_CA=/etc/pki/tls/certs/intca.crt
       {% if DOCKER.containers['so-elastic-agent'].extra_env %}

From 1cbf60825d0f47bc0a7831840fdb7ef6f8bb4d9d Mon Sep 17 00:00:00 2001
From: weslambert <wlambertts@gmail.com>
Date: Tue, 1 Aug 2023 14:40:52 -0400
Subject: [PATCH 2/5] Add log dir

---
 salt/elasticagent/config.sls | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/salt/elasticagent/config.sls b/salt/elasticagent/config.sls
index 8b24f3b22..b0b4321fa 100644
--- a/salt/elasticagent/config.sls
+++ b/salt/elasticagent/config.sls
@@ -28,6 +28,13 @@ elasticagentconfdir:
     - group: 939
     - makedirs: True
 
+elasticagentlogdir:
+   file.directory:
+     - name: /opt/so/log/elastic-agent
+     - user: 949
+     - group: 939
+     - makedirs: True
+
 elasticagent_sbin_jinja:
   file.recurse:
     - name: /usr/sbin

From 4e2eb86b36e4fc2c999bbb0957618f5b78ebda56 Mon Sep 17 00:00:00 2001
From: Wes <wlambertts@gmail.com>
Date: Tue, 1 Aug 2023 20:11:51 +0000
Subject: [PATCH 3/5] Move LOGS_PATH to environment vars

---
 salt/elasticagent/enabled.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/elasticagent/enabled.sls b/salt/elasticagent/enabled.sls
index bff4cee6b..67d7b975d 100644
--- a/salt/elasticagent/enabled.sls
+++ b/salt/elasticagent/enabled.sls
@@ -42,9 +42,9 @@ so-elastic-agent:
       - {{ BIND }}
         {% endfor %}
       {% endif %}
-      - LOGS_PATH=logs
     - environment:
       - FLEET_CA=/etc/pki/tls/certs/intca.crt
+      - LOGS_PATH=logs
       {% if DOCKER.containers['so-elastic-agent'].extra_env %}
         {% for XTRAENV in DOCKER.containers['so-elastic-agent'].extra_env %}
       - {{ XTRAENV }}

From 44b086a02864415010764d5afe5bae25a4e87461 Mon Sep 17 00:00:00 2001
From: Wes <wlambertts@gmail.com>
Date: Tue, 1 Aug 2023 20:13:50 +0000
Subject: [PATCH 4/5] Change path

---
 salt/elasticagent/config.sls  | 2 +-
 salt/elasticagent/enabled.sls | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/elasticagent/config.sls b/salt/elasticagent/config.sls
index b0b4321fa..b54186fab 100644
--- a/salt/elasticagent/config.sls
+++ b/salt/elasticagent/config.sls
@@ -30,7 +30,7 @@ elasticagentconfdir:
 
 elasticagentlogdir:
    file.directory:
-     - name: /opt/so/log/elastic-agent
+     - name: /opt/so/log/elasticagent
      - user: 949
      - group: 939
      - makedirs: True
diff --git a/salt/elasticagent/enabled.sls b/salt/elasticagent/enabled.sls
index 67d7b975d..963b8549b 100644
--- a/salt/elasticagent/enabled.sls
+++ b/salt/elasticagent/enabled.sls
@@ -33,7 +33,7 @@ so-elastic-agent:
         {% endif %}
     - binds:
       - /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
-      - /opt/so/log/elastic-agent:/usr/share/elastic-agent/logs
+      - /opt/so/log/elasticagent:/usr/share/elastic-agent/logs
       - /etc/pki/tls/certs/intca.crt:/etc/pki/tls/certs/intca.crt:ro 
       - /nsm:/nsm:ro
       - /opt/so/log:/opt/so/log:ro

From 0e047cffad7d39ed0d3cde192e110c60ffde7242 Mon Sep 17 00:00:00 2001
From: Wes <wlambertts@gmail.com>
Date: Tue, 1 Aug 2023 20:14:53 +0000
Subject: [PATCH 5/5] Add to logrotate

---
 salt/logrotate/defaults.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/salt/logrotate/defaults.yaml b/salt/logrotate/defaults.yaml
index 311a344b3..4d6a688e4 100644
--- a/salt/logrotate/defaults.yaml
+++ b/salt/logrotate/defaults.yaml
@@ -90,6 +90,26 @@ logrotate:
       - extension .log
       - dateext
       - dateyesterday
+    /opt/so/log/elasticagent/*_x_log:
+      - daily
+      - rotate 14
+      - missingok
+      - copytruncate
+      - compress
+      - create
+      - extension .log
+      - dateext
+      - dateyesterday
+    /opt/so/log/elasticagent/*_x_ndjson:
+      - daily
+      - rotate 14
+      - missingok
+      - copytruncate
+      - compress
+      - create
+      - extension .ndjson
+      - dateext
+      - dateyesterday
     /opt/so/log/elasticfleet/*_x_log:
       - daily
       - rotate 14