Elastic Endpoint not showing up error

Hi all,
I have been trying out Elastic Endpoint Security since yesterday and I have been having some issues with it. There are a few questions I need to address in order to work this out:

  • How do I set the SSL for sending data to Elastic to none?
  • I have successfully enrolled the agent in Kibana, but the administrator tab in Security does not show any host running Endpoint Security.
  • When I browse the logs I notice some error logs:
Http.cpp:38 CURL error 60: SSL peer certificate or SSH remote key was not OK

and

Invalid index enum []

Thank you for your time.

After viewing the data, it seems that there are logs coming up to Elastic in data stream form, but somehow the host does not show up in the administrator tab in Security, so I can't do anything to the host.

Hi @lusynda, what operating system are you using and what Elastic Agent version?

We have been working through some SSL connection issues. Can you look through a few of these posts https://discuss.elastic.co/search?q=authority%20tag%3Aelastic-agent and see if the instructions in any might be relevant to you? Are you using a self-signed certificate for your server?

Yes, we are using a self-signed cert, but I have already disabled the verification mode on the output of the agent for testing purposes.

I am testing on 7.10 and the OS is CentOS 7.

Elastic still gets the data in the form of data streams but not normal indices, and the host still does not show up.

Hi @lusynda, sorry for my slow response.

Were you able to get Endpoint to appear in the Administration tab? If not, could you share the 10 logs before and after that CURL/SSL error log you reported to help give more context? Also, can you share the steps you used on your CentOS 7 host to add the root CA certificate so Agent could connect?

When you said "After viewing the data, it seems that there are logs coming up to Elastic in data stream form", did you mean you see data appearing in Elastic indices? What index names do you see data streaming to?

I did not get the endpoint to appear on the admin tab.

The certs I use are certs generated by Elastic, following the steps in the documentation guide on the main Elastic page.

I mean that it appears to be in data stream form; the logs come up to indices of the form .ds-logs-*, and at the time I did not know that they had already created an index pattern associated with the data stream.
