Elastic Agent outputs to localhost?

I have gone the path of install Fleet Server and Agents in my lab server. My setup is:

  1. Windows Server 2016 with Symantec Endpoint Protection installed
  2. A Linux VM at running ELK stack properly
  3. A Linux VM at as a Fleet server running properly.

I want to capture the Symantec logs. I have installed Elastic Agent on my Windows Server machine with the -f and --insecure flags. My agent appears just fine in my ELK but no log files reach my Elasticsearch. Inspecting my Agent with elastic-agent inspect I get:

    api_key: o6vROIMBjmPULt7K0k96:LMrf5Y7LQ8S05pTb5GG1aw
    - http://localhost:9200
    type: elasticsearch
revision: 8

I suspect that the agent is trying to push logs to localhost and not to as it should be.
Any help?

My bad. I didn't see I could set the output host from inside Kibana.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.