Elastic Agent outputs to localhost?

simpleman · September 13, 2022, 10:00pm

I have gone the path of install Fleet Server and Agents in my lab server. My setup is:

Windows Server 2016 with Symantec Endpoint Protection installed
A Linux VM at 192.168.1.10 running ELK stack properly
A Linux VM at 192.168.1.12 as a Fleet server running properly.

I want to capture the Symantec logs. I have installed Elastic Agent on my Windows Server machine with the -f and --insecure flags. My agent appears just fine in my ELK but no log files reach my Elasticsearch. Inspecting my Agent with elastic-agent inspect I get:

outputs:
  default:
    api_key: o6vROIMBjmPULt7K0k96:LMrf5Y7LQ8S05pTb5GG1aw
    hosts:
    - http://localhost:9200
    type: elasticsearch
revision: 8

I suspect that the agent is trying to push logs to localhost and not to 192.168.1.10 as it should be.
Any help?

simpleman · September 14, 2022, 7:59pm

My bad. I didn't see I could set the output host from inside Kibana.

system · October 12, 2022, 8:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ELK in docker - fleet server on the host Elasticsearch docker , fleet	1	249	November 29, 2023
Agent healthy but not sending logs Elastic Agent fleet	2	66	August 28, 2024
Fleet server agent output not supported Elastic Agent fleet	2	285	August 22, 2023
Elastic Agent (Security Onion) Elastic Agent elastic-stack-monitoring	11	50	November 23, 2024
Elastic-Agent installed, but not viewable in Security Hosts tab or logs in Kibana Endpoint Security docker , fleet	9	2456	April 4, 2022

Elastic Agent outputs to localhost?

Related topics