Elastic Agent outputs to localhost?

I have gone the path of install Fleet Server and Agents in my lab server. My setup is:

  1. Windows Server 2016 with Symantec Endpoint Protection installed
  2. A Linux VM at 192.168.1.10 running ELK stack properly
  3. A Linux VM at 192.168.1.12 as a Fleet server running properly.

I want to capture the Symantec logs. I have installed Elastic Agent on my Windows Server machine with the -f and --insecure flags. My agent appears just fine in my ELK but no log files reach my Elasticsearch. Inspecting my Agent with elastic-agent inspect I get:

outputs:
  default:
    api_key: o6vROIMBjmPULt7K0k96:LMrf5Y7LQ8S05pTb5GG1aw
    hosts:
    - http://localhost:9200
    type: elasticsearch
revision: 8

I suspect that the agent is trying to push logs to localhost and not to 192.168.1.10 as it should be.
Any help?

My bad. I didn't see I could set the output host from inside Kibana.

1 Like