Description
Elastic Agent is a supervisor and can run any binary supporting the elastic-agent-client. This allows Elastic Agent to be extended with additional binaries. At the moment these binaries must be built by Elastic for signing. One of the ideas discussed is, that at one point this can also be used by non Elastic binaries.
But the above still puts a burden on running custom inputs / collectors built by users. The collectors might already exist and adding support for the elastic-agent-client is not feasible. Instead these collectors / scripts could be executed by an input similar to the old exectbeat.
This exec input could be configured to run any command on a predefined schedule and would read the data from stdout. Different output formats like prometheus, json and others would be supported.
The configuration could look something like:
inputs:
- type: command
schedule: 10s
format: json
run: /foo/bar/my-collector.py
This would run my-collector.py every 10s.
There are security concerns around being able to just execute commands in an Elastic Agent especially in the context of Fleet. I would expect this input to be in a separate binary potentially not shipped by default. In addition, it could be blocked in capabilities.yml by default. A user would have to enable it for every Elastic Agent where this should be available.