We have an air-gapped network. We use Symantec Endpoint Security. We have successfully installed ELK 8.4.1 on a VM. On the same VM we have the Fleet Server running. The registry is running on Docker in another VM. I am trying to collect logs from Symantec using Elastic Agent. The agent is healthy and is sending correctly to Elasticsearch all the metrics and stuff that comes with the Symantec integration.
But...

I can't send logs from the Symantec... I tried both UDP and log files. Nothing works. On top of that, using the agent on the Symantec VM to read dumped logs gives an "Access Denied" on the first log file, and nothing happens. Forgive me that I can't provide the exact message body; I will write it down tomorrow. Any help?
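A diagnostic script to narrow down the two symptoms above (an "Access Denied" on the first dumped log file and no UDP messages arriving). This is an added example, not code from the original post or from Elastic or Symantec; it assumes the Symantec host is Windows, that Elastic Agent runs there as a Windows service named "Elastic Agent", and that the directory and UDP listener address are placeholders you replace with your own values.

```powershell
# Added diagnostic (not from the original post). Assumptions: the agent runs as a
# Windows service named "Elastic Agent"; $LogDir, $UdpHost and $UdpPort are placeholders.
param(
    [string]$LogDir  = 'C:\SymantecDumps',   # placeholder: where Symantec dumps its logs
    [string]$UdpHost = '10.0.0.5',           # placeholder: host running the UDP input
    [int]   $UdpPort = 9006                  # placeholder: UDP port set in the integration
)

# 1. Which account does the agent service run as? An "Access Denied" on a file usually
#    means this account is missing from the file's ACL, not that the path is wrong.
$svc = Get-CimInstance Win32_Service -Filter "Name='Elastic Agent'"
if (-not $svc) { Write-Warning 'Elastic Agent service not found'; return }
"Agent service runs as: $($svc.StartName)"

# 2. Compare that account against the ACL of the directory and of the first log file.
$first = Get-ChildItem -Path $LogDir -File -ErrorAction Stop | Select-Object -First 1
"ACL of $LogDir"
(Get-Acl $LogDir).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType
"ACL of $($first.FullName)"
(Get-Acl $first.FullName).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType

# 3. Try to open the file with a share mode that tolerates the writer still holding it.
#    This runs as the current user, so read it together with the ACL output for the
#    service account from step 2.
try {
    $fs = [System.IO.File]::Open($first.FullName, 'Open', 'Read', 'ReadWrite')
    $fs.Close()
    "Read OK as $env:USERNAME: $($first.Name)"
} catch {
    Write-Warning "Read failed as ${env:USERNAME}: $($_.Exception.Message)"
}

# 4. Send one constructed syslog-style datagram to the UDP input, then search for the
#    text in Discover. If it never shows up, the problem is network/firewall or input
#    config rather than Symantec's forwarding.
$udp   = New-Object System.Net.Sockets.UdpClient
$bytes = [Text.Encoding]::ASCII.GetBytes('<14>diagnostic test message from Symantec host')
$udp.Send($bytes, $bytes.Length, $UdpHost, $UdpPort) | Out-Null
$udp.Close()
"Sent test datagram to ${UdpHost}:$UdpPort"
```

Run it in an elevated PowerShell on the Symantec VM; if step 2 shows the service account without read rights on the dump files, grant that account read access rather than running the agent as an administrator.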