Elastic endpoint is not sending to TLS protected cluster

Bert_Colemont · May 15, 2021, 1:24pm

Hi all,

I have managed to setup an elastic cluster with 3 nodes.
Kibana is running on node-1

Now I installed the elastic endpoint agent to my windows machine.

.\elastic-agent.exe install -f --kibana-url=http://elastic-1:5601 --enrollment-token=T1RxQmJYa0Jxc3I3Yk1uOUNpeG06Qnd2M3ZoTnFUS3F2Smdwd1BwbERzQQ== --insecure

In my config I set https://elastc-2:9200 as logging point.

In the overview I don't see anything appear from the elastic endpoint.

Anyone who can tell me where I need to look?
Has it something to do that my elastic nodes are TLS encrypted? Do I need to add the certificate somewhere to the elastic endpoint config?

Thx!

ferullo · May 17, 2021, 1:56pm

Hi @Bert_Colemont . Thanks for checking out Elastic Endpoint!

Can you clarify a few things?

Is the Elastic Agent for the host that seems to working incorrectly in a Healthy state in Fleet?
Where are you looking when you say "In the overview I don't see anything appear from the elastic endpoint."?
If you go to Security -> Administration do you see the host(s) where there Endpoint Security integration is enabled?

Bert_Colemont · May 17, 2021, 5:56pm

It shows as healthy in the fleet manager
I looked in the overview and via the fleet manager --> agent --> logs
Yes

ferullo · May 18, 2021, 3:52pm

Ah, ok. In that case I think everything is working properly.

By default, only Elastic Agent logs are shown on the page you referred to. If you select elastic_agent.endpoint_security from the Dataset dropdown menu should see logs from Endpoint as well.

Let me know if that doesn't resolve your issue.

system · June 15, 2021, 3:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.