CentOS Stream8 Elastic Agent not sending streams

uf0 · September 10, 2021, 9:56am

Hello

I have just setup a fresh install of ELK + a few agents running on Ubuntu and everything works as expected.

However, as soon as I add the same agent version, 7.14.1 on a CentOS Strem 8, it fails with the following error under filebeat logs:

/opt/Elastic/Agent/data/elastic-agent-703d58/logs/default/filebeat-json.log

{"log.level":"error","@timestamp":"2021-09-10T05:54:22.825-0400","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"Elastic Certificate Tool Autogenerated CA\")","service.name":"filebeat","network":"tcp","address":"siem03.clear.com:9200","ecs.version":"1.6.0"}

I have already imported the .crt in the local trust store and also enrolled the agent with the '--insecure' keyword and also --fleet-server-es-ca=[path to cert]

Why the same configuration works on Ubuntu and not on CentOS?

Thanks in advance

blaker · September 13, 2021, 3:45pm

Did you import the CA into the local store? If you imported the CA why the usage of --insecure? If the CA is imported it will be able to successfully validate the certificate, as long as the CA is for the correct domain or IP address.

uf0 · September 15, 2021, 9:04am

thank you, I actually fixed it shortly after, when verifying that the CentOS had the correct cert installed in the trust store.

system · October 13, 2021, 9:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.