Spitballing here based on my experience in the field but without any specific knowledge about Equifax's situation:
Their monitoring system might have been using TLS to communicate the events to their aggregation tool, and when the cert expired, you don't really want log data with potentially confidential/critical security information traversing insecure channels, so they may have had it configured to not send any data if the cert wasn't valid.
As for warnings about the cert, it's possible they (stupidly) configured it to not send warnings, or maybe it was sending warnings but nobody was paying attention. I've seen situations before where such warnings were set to go to XYZ person's mailbox, but XYZ person leaves the company and nobody remembered to update the destination address for the alerts.
Their monitoring system might have been using TLS to communicate the events to their aggregation tool, and when the cert expired, you don't really want log data with potentially confidential/critical security information traversing insecure channels, so they may have had it configured to not send any data if the cert wasn't valid.
As for warnings about the cert, it's possible they (stupidly) configured it to not send warnings, or maybe it was sending warnings but nobody was paying attention. I've seen situations before where such warnings were set to go to XYZ person's mailbox, but XYZ person leaves the company and nobody remembered to update the destination address for the alerts.