Elastic Agent outputs to localhost?

I have gone the path of installing Fleet Server and Agents in my lab server. My setup is:

  1. Windows Server 2016 with Symantec Endpoint Protection installed
  2. A Linux VM at 192.168.1.10 running ELK stack properly
  3. A Linux VM at 192.168.1.12 as a Fleet server running properly.

I want to capture the Symantec logs. I have installed Elastic Agent on my Windows Server machine with the -f and --insecure flags. My agent appears just fine in my ELK but no log files reach my Elasticsearch. Inspecting my Agent with elastic-agent inspect I get:

outputs:
  default:
    api_key: o6vROIMBjmPULt7K0k96:LMrf5Y7LQ8S05pTb5GG1aw
    hosts:
    - http://localhost:9200
    type: elasticsearch
revision: 8

I suspect that the agent is trying to push logs to localhost and not to 192.168.1.10 as it should be.
Any help?

My bad. I didn't see I could set the output host from inside Kibana.

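A check for the condition this thread ran into, added here as an example (it is not part of the original posts and not Elastic tooling): it reads `elastic-agent inspect` output and flags outputs whose hosts point at loopback, plus plain-http hosts, since the API key is sent with every request. The function names, the finding labels and the sample text (including the second `monitoring` output) are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample shaped like the inspect excerpt above; the key is a placeholder.
SAMPLE = """\
outputs:
  default:
    api_key: <placeholder>
    hosts:
    - http://localhost:9200
    type: elasticsearch
  monitoring:
    hosts:
    - https://192.168.1.10:9200
revision: 8
"""

def output_hosts(text):
    # Minimal reader for this simple layout only; use a YAML parser for real policies.
    result, in_outputs, name, in_hosts = {}, False, None, False
    for raw in filter(str.strip, text.splitlines()):      # skip blank lines
        body, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if in_hosts and body.startswith("- "):
            result[name].append(body[2:].strip("'\" "))
            continue                                      # still inside the hosts list
        if indent == 0:                                   # new top-level key
            in_outputs, name = body == "outputs:", None
        elif in_outputs and indent == 2 and body.endswith(":"):
            name = body[:-1]                              # output name, e.g. "default"
            result[name] = []
        in_hosts = bool(name) and body == "hosts:"
    return result

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:                                    # any other DNS name
        return False

def audit(text):
    findings = []
    for name, hosts in output_hosts(text).items():
        for url in hosts:
            # Assumption: a host written without a scheme is treated as http.
            parts = urlsplit(url if "://" in url else "http://" + url)
            if is_loopback((parts.hostname or "").lower()):
                findings.append((name, url, "loopback"))   # agent ships to itself
            if parts.scheme == "http":
                findings.append((name, url, "plaintext"))  # API key sent unencrypted
    return findings
```

Calling `audit()` on the text captured from `elastic-agent inspect` on each enrolled host returns an empty list when every output points at a remote HTTPS endpoint.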