I was testing the latest version of Elastic Stack 7.10.1. So far, following the documentation, I managed to set up a test environment and a small lab.
I am interested in testing (simulating attacks) on a machine that has Elastic Agent installed. So far I managed to install it on a Windows 7 machine and, after pulling my hair out over why my agent is only online for a couple of minutes before it goes completely offline, I managed to enroll it using Fleet.
My agent is now enrolled but I am not receiving any data. After reviewing the Elasticsearch logs I found this error:
[WARN ][o.e.h.AbstractHttpServerTransport] [aio] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/192.168.20.155:9200, remoteAddress=/192.168.20.25:50945}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
This clearly indicates that Elasticsearch is refusing communication with the machine that has Elastic Agent, 192.168.20.25.
I am trying to do the same configuration here as I did for my agents like Winlogbeat and Filebeat, but it doesn't work for me:
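As an added illustration (this is not code from the original post or from Elastic): a small Python parser that picks the `AbstractHttpServerTransport` close-connection warnings and the `SSLHandshakeException` lines that follow them out of an Elasticsearch log, pairs them up, and counts TLS alerts per remote client. That makes it easy to see which agent is failing the handshake and how often, before touching any verification settings. The sample log is constructed from the two lines quoted above, plus a second repeat and an unrelated line, and the alert-to-cause hints are this example's reading of the TLS alert codes, not Elastic documentation. Note that "Received fatal alert" means the peer (here the agent at 192.168.20.25) sent the alert, so it is the agent that is not accepting Elasticsearch's certificate.

```python
import re
from collections import Counter

# Constructed sample: the two lines from the post, an unrelated INFO line that
# must be ignored, and a second handshake failure from the same client.
SAMPLE_LOG = """\
[WARN ][o.e.h.AbstractHttpServerTransport] [aio] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/192.168.20.155:9200, remoteAddress=/192.168.20.25:50945}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[INFO ][o.e.n.Node] [aio] started
[WARN ][o.e.h.AbstractHttpServerTransport] [aio] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/192.168.20.155:9200, remoteAddress=/192.168.20.25:50951}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
"""

# The close-connection warning carries node name and both socket addresses.
CHANNEL_RE = re.compile(
    r"\[WARN \]\[o\.e\.h\.AbstractHttpServerTransport\] \[(?P<node>[^\]]+)\] "
    r"caught exception while handling client http traffic, closing connection "
    r"Netty4HttpChannel\{localAddress=/(?P<local>[^,]+), remoteAddress=/(?P<remote>[^}]+)\}"
)
# The exception line on the following row names the TLS alert the peer sent.
ALERT_RE = re.compile(r"SSLHandshakeException: Received fatal alert: (?P<alert>\w+)")

# Hypothetical hints chosen for this example (based on the TLS alert codes), not Elastic docs.
ALERT_HINTS = {
    "bad_certificate": "the client rejected the server certificate it was shown "
                       "(e.g. the agent does not trust the CA that signed it)",
    "unknown_ca": "the client could not find a trusted CA for the certificate chain",
}


def parse_handshake_failures(log_text):
    """Pair each close-connection warning with the SSLHandshakeException that follows it.

    Returns a list of dicts with node, local address, remote host/port and alert name.
    A warning with no matching alert line is dropped (it was some other HTTP error).
    """
    failures = []
    pending = None
    for line in log_text.splitlines():
        m = CHANNEL_RE.search(line)
        if m:
            pending = m.groupdict()
            continue
        a = ALERT_RE.search(line)
        if a and pending is not None:
            host, _, port = pending["remote"].rpartition(":")
            failures.append({
                "node": pending["node"],
                "local": pending["local"],
                "remote_host": host,
                "remote_port": int(port),
                "alert": a.group("alert"),
            })
        pending = None  # any other line breaks the warning/alert pairing
    return failures


def failures_by_client(failures):
    """Count (remote host, alert) pairs so a repeatedly failing agent stands out."""
    return Counter((f["remote_host"], f["alert"]) for f in failures)


def describe(failure):
    """One-line human-readable summary of a parsed handshake failure."""
    hint = ALERT_HINTS.get(failure["alert"], "unrecognised alert; check the peer's TLS logs")
    return (f"{failure['remote_host']}:{failure['remote_port']} -> {failure['local']} "
            f"on node {failure['node']}: {failure['alert']} ({hint})")


if __name__ == "__main__":
    found = parse_handshake_failures(SAMPLE_LOG)
    for f in found:
        print(describe(f))
    for (host, alert), n in failures_by_client(found).items():
        print(f"{host}: {n} x {alert}")
```

Run it against a real `elasticsearch.log` by reading the file into `parse_handshake_failures` instead of `SAMPLE_LOG`; a single client producing a steady stream of `bad_certificate` alerts is the pattern that matches the enrolled-but-silent agent described above.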
Okay, I solved it. Going to leave this here for others.
Did some more digging in GitHub repos. I found this issue:
which led me to this other one with a workaround:
Because I am just testing this, I disabled verification in the action-store.yml file found (on my Windows machine) here: C:\Program Files\Elastic\Agent\data\elastic-agent-1da173\: