Elastic endpoint is not sending to TLS protected cluster

Hi all,

I have managed to set up an elastic cluster with 3 nodes.
Kibana is running on node-1

Now I installed the elastic endpoint agent on my Windows machine.

.\elastic-agent.exe install -f --kibana-url=http://elastic-1:5601 --enrollment-token=T1RxQmJYa0Jxc3I3Yk1uOUNpeG06Qnd2M3ZoTnFUS3F2Smdwd1BwbERzQQ== --insecure

In my config I set https://elastc-2:9200 as logging point.

In the overview I don't see anything appear from the elastic endpoint.

Anyone who can tell me where I need to look?
Does it have something to do with the fact that my elastic nodes are TLS encrypted? Do I need to add the certificate somewhere to the elastic endpoint config?

Thx!

Hi @Bert_Colemont . Thanks for checking out Elastic Endpoint!

Can you clarify a few things?

  1. Is the Elastic Agent for the host that seems to be working incorrectly in a Healthy state in Fleet?
  2. Where are you looking when you say "In the overview I don't see anything appear from the elastic endpoint."?
  3. If you go to Security -> Administration do you see the host(s) where the Endpoint Security integration is enabled?

  1. It shows as healthy in the fleet manager
  2. I looked in the overview and via the fleet manager --> agent --> logs
  3. Yes

Ah, ok. In that case I think everything is working properly.

By default, only Elastic Agent logs are shown on the page you referred to. If you select elastic_agent.endpoint_security from the Dataset dropdown menu, you should see logs from Endpoint as well.

Let me know if that doesn't resolve your issue.