Elastic Agent and/or Filebeat

insurin · April 22, 2021, 1:42pm

HI all. I have followed this guide ELK-SIEM/Deployment-Guide at main · watsoninfosec/ELK-SIEM · GitHub This installs ElasticSearch, Kibana, Logstash and Filebeat on Ubuntu. I have 3 Windows Servers showing as healthy. ELK version is 7.12

To enroll my Windows servers, I click on Fleet/Add Agent/Enroll in Fleet. I then download the Elastic Agent to Windows Server and copy the syntax into Powershell on the Windows server. This install the elastic agent.

If my policy includes the IIS integration do I still need to unzip Filebeats and configure the filebeat.yml?

So far, I can get my agents showing as healthy etc but if I want IIS stats do I need to manually install/configure filebeats too?

Marius_Iversen · April 27, 2021, 11:57am

Elastic agent is there to do all the configurations and such for you

That means that now and in the future, you only need to install Elastic Agent, configure the policies and the rest is taken care of.

Elastic Agent is currently in Beta though, so some filebeat functionality or modules might not be available yet. If you can see them in the integrations list when you create/modify a policy then it is available to be used for Agent.

The free Elastic Endpoint for example also uses Elastic Agent, so the setup is quite similar: Configure and install Elastic Endpoint integration | Elastic Security Solution [7.12] | Elastic

Topic		Replies	Views
What is Elastic agent? Elastic Agent	7	967	November 24, 2022
Elastic agent and filebeat installation in windows PC Elastic Agent filebeat	2	338	November 27, 2022
How does elastic agent configure filebeat Elastic Agent filebeat	10	2269	February 16, 2024
Elastic agents and existing beats Beats filebeat	2	309	July 5, 2021
Filebeat and Winlogbeat Beats filebeat , winlogbeat	7	888	June 1, 2021

Elastic Agent and/or Filebeat

Related topics