I have gone down the path of installing Fleet Server and Agents in my lab server. My setup is:
- Windows Server 2016 with Symantec Endpoint Protection installed
- A Linux VM at 192.168.1.10 running the ELK stack properly
- A Linux VM at 192.168.1.12 as a Fleet server running properly.
I want to capture the Symantec logs. I have installed Elastic Agent on my Windows Server machine with the -f and --insecure flags. My agent appears just fine in my ELK, but no log files reach my Elasticsearch. Inspecting my Agent with elastic-agent inspect I get:

outputs:
  default:
    api_key: o6vROIMBjmPULt7K0k96:LMrf5Y7LQ8S05pTb5GG1aw
    hosts:
      - http://localhost:9200
    type: elasticsearch
revision: 8
I suspect that the agent is trying to push logs to localhost and not to 192.168.1.10 as it should.
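A quick check for the symptom described in the post above, added here as an example that is not part of the original post: feed the outputs section of `elastic-agent inspect` through a small POSIX sh/awk filter that flags any output host pointing at loopback (localhost, 127.x.x.x, [::1]) or using plain http rather than https. The two inspect texts below are constructed samples modelled on the post (api_key redacted); the "expected" variant that points at https://192.168.1.10:9200 is an assumption based on the poster's suspicion, not something the post confirms.

```shell
#!/bin/sh
# Added example (not from the original post): audit the outputs section of
# `elastic-agent inspect` for hosts that point at loopback or use plain http.

# Constructed sample modelled on the post's inspect output; api_key redacted.
SAMPLE_INSPECT='outputs:
  default:
    api_key: REDACTED
    hosts:
      - http://localhost:9200
    type: elasticsearch
revision: 8'

# Constructed sample of what the poster seems to expect (TLS to the ELK VM).
# The host and scheme here are an assumption, not something the post confirms.
EXPECTED_INSPECT='outputs:
  default:
    api_key: REDACTED
    hosts:
      - https://192.168.1.10:9200
    type: elasticsearch
revision: 8'

# audit_agent_outputs INSPECT_TEXT
# Prints one line per finding, nothing when the output looks sane:
#   LOOPBACK  <url>   host is localhost / 127.x.x.x / [::1], so the agent ships to itself
#   PLAINTEXT <url>   scheme is http, so the API key and events cross the wire unencrypted
audit_agent_outputs() {
    printf '%s\n' "$1" | awk '
        # Only list items that look like URLs, i.e. the entries under hosts:
        /^[[:space:]]*-[[:space:]]*https?:\/\// {
            url = $0
            sub(/^[[:space:]]*-[[:space:]]*/, "", url)
            if (url ~ /^https?:\/\/(localhost|127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\])(:[0-9]+)?(\/|$)/) { print "LOOPBACK  " url }
            if (url ~ /^http:\/\//) { print "PLAINTEXT " url }
        }'
}

# Typical use on the agent host (Linux/macOS shell):
#   elastic-agent inspect > inspect.yml && audit_agent_outputs "$(cat inspect.yml)"
audit_agent_outputs "$SAMPLE_INSPECT"     # reports LOOPBACK and PLAINTEXT for http://localhost:9200
audit_agent_outputs "$EXPECTED_INSPECT"   # reports nothing
```

The filter only reads the inspect output; it does not tell you where the wrong host came from. On a Fleet-managed agent the output hosts are pushed down from the Fleet output settings in Kibana rather than edited on the endpoint, so a LOOPBACK finding is a prompt to check those settings, and a PLAINTEXT finding is a reminder that the API key shown by inspect is being sent without TLS.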