Hello world, I have a problem when testing Elastic Security with "Current plan:Basic".
OS Version: Ubuntu 20.04 for Elastic Agent and Elasticsearch-Kibana-Fleet server
Elastic Stack Version: 8.13.4
I am using the superuser "elastic" to log in to Kibana.
I have an Elasticsearch-Kibana-Fleet server with an auto-signed certificate. I created a policy with some integrations, then I downloaded the Elastic Agent on another host and enrolled the policy token. Everything seems alright until I try to add Elastic Defend to this policy.
The status of the machine is "Unhealthy", and the error message is "Elastic Defend requires Elastic Agent to be installed at the default installation path". I find that the package '/opt/Elastic/Endpoint' is not installed.
And the log is:
11:00:49.668 elastic_agent [elastic_agent][info] Metrics endpoint listening on: 127.0.0.1:6791 (configured: http://localhost:6791)
11:00:50.808 elastic_agent [elastic_agent][error] Spawned new component endpoint-default: Elastic Defend requires Elastic Agent be installed at the default installation path
I put my conf file here; maybe it can help:
-rw-rw---- 1 kibana kibana 7956 mai 10 13:13 kibana.yml:
server.port: 5601
server.host: "0.0.0.0"
server.publicBaseUrl: "https://kibana:5601"
server.ssl.enabled: true
server.ssl.certificateAuthorities: ["/etc/kibana/certs/ca/ca.crt"]
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key
elasticsearch.hosts: ["https://elastic:9200"]
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/ca/ca.crt" ]
elasticsearch.ssl.verificationMode: full
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
pid.file: /run/kibana/kibana.pid
and:
-rwxrwxrwx 1 elasticsearch elasticsearch 4046 mai 10 11:06 elasticsearch.yml
cluster.name: es-demo
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: elastic
http.port: 9200
transport.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  certificate: certs/elastic/elastic.crt
  key: certs/elastic/elastic.key
  certificate_authorities: certs/ca/ca.crt
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["Elastic-Kibana-Fleet"]
http.host: 0.0.0.0
and the command to install elastic-agent is:
#curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.13.4-linux-x86_64.tar.gz
#tar xzvf elastic-agent-8.13.4-linux-x86_64.tar.gz
cd elastic-agent-8.13.4-linux-x86_64
sudo ./elastic-agent install --url=https://fleet-server:8220 --enrollment-token=My_Policy_Enrollment_token --fleet-server-es-ca=./ca-fleet.crt --certificate-authorities=./ca-fleet.crt
the message is:
Elastic Agent will be installed at /opt/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:Y
[ ===] Service Started [3m50s] Elastic Agent successfully installed, starting enrollment.
[====] Waiting For Enroll... [3m51s] {"log.level":"info","@timestamp":"2024-05-14T11:00:42.261+0200","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":519},"message":"Starting enrollment to URL: https://fleet-server:8220/","ecs.version":"1.6.0"}
[ =] Waiting For Enroll... [3m52s] {"log.level":"info","@timestamp":"2024-05-14T11:00:43.537+0200","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":482},"message":"Restarting agent daemon, attempt 0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-05-14T11:00:43.543+0200","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":300},"message":"Successfully triggered restart on running Elastic Agent.","ecs.version":"1.6.0"}
Successfully enrolled the Elastic Agent.
[ =] Done [3m52s]
Elastic Agent has been successfully installed
I tried to uninstall the agent and reinstall it, but it didn't work. Do you have any ideas for this problem? Did I miss some steps?
Best regards