Elastic endpoint is not sending to TLS protected cluster

Hi all,

I have managed to set up an Elastic cluster with 3 nodes.
Kibana is running on node-1

Now I installed the Elastic Endpoint agent on my Windows machine.

.\elastic-agent.exe install -f --kibana-url=http://elastic-1:5601 --enrollment-token=T1RxQmJYa0Jxc3I3Yk1uOUNpeG06Qnd2M3ZoTnFUS3F2Smdwd1BwbERzQQ== --insecure

In my config I set https://elastc-2:9200 as logging point.

In the overview I don't see anything appear from the elastic endpoint.

Anyone who can tell me where I need to look?
Does it have something to do with my Elastic nodes being TLS encrypted? Do I need to add the certificate somewhere in the Elastic Endpoint config?

Thx!

Hi @Bert_Colemont . Thanks for checking out Elastic Endpoint!

Can you clarify a few things?

  1. Is the Elastic Agent for the host that seems to be working incorrectly in a Healthy state in Fleet?
  2. Where are you looking when you say "In the overview I don't see anything appear from the elastic endpoint."?
  3. If you go to Security -> Administration do you see the host(s) where the Endpoint Security integration is enabled?

  1. It shows as healthy in the fleet manager
  2. I looked in the overview and via the fleet manager --> agent --> logs
  3. Yes

Ah, ok. In that case I think everything is working properly.

By default, only Elastic Agent logs are shown on the page you referred to. If you select elastic_agent.endpoint_security from the Dataset dropdown menu, you should see logs from Endpoint as well.

Let me know if that doesn't resolve your issue.
