Elastic-agent not sending any data

I have installed Elastic Agent with the same certificates that are used for Elasticsearch and Kibana to communicate with each other. I have an all-in-one deployment.

I used the same certs for the agents to communicate, but I am not sure where I am making a mistake.

Also, when I check the agent logs I get this error.
Please help me with this. Where should I look to resolve it? I am also new to certificates and PKI, so I am not sure how to solve this. To generate the certs I used this command:

/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in instances.yml --keep-ca-key --out ~/certs.zip


{"@timestamp":"2023-03-29T21:32:24.430276101Z","agent":{"id":"e98b9dcf-e7da-4a4b-88e3-4c3eb66d9e44","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"notice","origin":{"file":{"line":100,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:100 Elasticsearch connection is down","process":{"pid":2102,"thread":{"id":2109}}}
{"@timestamp":"2023-03-29T21:32:29.466972225Z","agent":{"id":"e98b9dcf-e7da-4a4b-88e3-4c3eb66d9e44","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":327,"name":"Http.cpp"}}},"message":"Http.cpp:327 CURL error 60: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: unable to get local issuer certificate]","process":{"pid":2102,"thread":{"id":2109}}}
{"@timestamp":"2023-03-29T21:32:29.467042773Z","agent":{"id":"e98b9dcf-e7da-4a4b-88e3-4c3eb66d9e44","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"notice","origin":{"file":{"line":100,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:100 Elasticsearch connection is down","process":{"pid":2102,"thread":{"id":2109}}}
{"@timestamp":"2023-03-29T21:32:34.500944647Z","agent":{"id":"e98b9dcf-e7da-4a4b-88e3-4c3eb66d9e44","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":327,"name":"Http.cpp"}}},"message":"Http.cpp:327 CURL error 60: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: unable to get local issuer certificate]","process":{"pid":2102,"thread":{"id":2109}}}
{"@timestamp":"2023-03-29T21:32:34.501011059Z","agent":{"id":"e98b9dcf-e7da-4a4b-88e3-4c3eb66d9e44","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"notice","origin":{"file":{"line":100,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:100 Elasticsearch connection is down","process":{"pid":2102,"thread":{"id":2109}}}
{"@timestamp":"2023-03-29T21:32:39.537319785Z","agent":{"id":"e98b9dcf-e7da-4a4b-88e3-4c3eb66d9e44","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"error","origin":{"file":{"line":327,"name":"Http.cpp"}}},"message":"Http.cpp:327 CURL error 60: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: unable to get local issuer certificate]","process":{"pid":2102,"thread":{"id":2109}}}
{"@timestamp":"2023-03-29T21:32:39.537392485Z","agent":{"id":"e98b9dcf-e7da-4a4b-88e3-4c3eb66d9e44","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"notice","origin":{"file":{"line":100,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:100 Elasticsearch connection is down","process":{"pid":2102,"thread":{"id":2109}}}

root@thehivevm:/opt/Elastic# sudo elastic-agent status
Status: HEALTHY
Message: (no message)
Applications:
  * fleet-server           (CONFIGURING)
                           Re-configuring
  * filebeat_monitoring    (HEALTHY)
                           Running
  * metricbeat_monitoring  (HEALTHY)
                           Running
  * apm-server             (HEALTHY)
                           Running
  * endpoint-security      (HEALTHY)
                           Protecting with policy {00007872-df6f-4400-a71f-14e4f227cef2}
root@thehivevm:/opt/Elastic# elastic-agent diagnostics
elastic-agent  version: 7.17.6
               build_commit: 121b2ab96f118e6999f0a4be8e98827a809337db  build_time: 2022-08-23 15:03:34 +0000 UTC  snapshot_build: false
Applications:
  *  name: apm-server         route_key: default
     process: apm-server      id: eb9fc8e5-4c3c-4b13-81f6-3326fdae14d3          ephemeral_id: a6e118b5-5aad-4d8f-8eff-394f24f72fdb  elastic_license: true
     version: 7.17.6          commit: e0bb45a25e3fad66644752aa8c1dea4976686d09  build_time: 2022-08-23 06:48:54 +0000 UTC           binary_arch: amd64
     hostname: thehivevm      username: root                                    user_id: 0                                          user_gid: 0
  *  name: endpoint-security  route_key: default
     error: Get "http://unix/": dial unix /opt/Elastic/Agent/data/tmp/default/endpoint-security/endpoint-security.sock: connect: no such file or directory
  *  name: fleet-server         route_key: default
     process:                   id:         ephemeral_id:                              elastic_license: false
     version: 7.17.6            commit:     build_time: 0001-01-01 00:00:00 +0000 UTC  binary_arch:
     hostname:                  username:   user_id:                                   user_gid:
  *  name: filebeat_monitoring  route_key: default
     error: Get "http://unix/": dial unix /opt/Elastic/Agent/data/tmp/default/filebeat/filebeat.sock: connect: no such file or directory
  *  name: metricbeat_monitoring  route_key: default
     error: Get "http://unix/": dial unix /opt/Elastic/Agent/data/tmp/default/metricbeat/metricbeat.sock: connect: no such file or directory
root@thehivevm:/opt/Elastic#
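
A triage helper for endpoint logs like the one in the post above, added here as an example and not part of the original post: it groups the repeated CURL errors by code and TLS detail and attaches the meaning of the one reason string seen on this page. The function name, the `HINTS` table and the trimmed sample lines are assumptions constructed for illustration.

```python
import json
import re

# Message format seen in the endpoint log above:
#   "Http.cpp:327 CURL error 60: <curl text> [<TLS library detail>]"
CURL_RE = re.compile(r"CURL error (\d+): (.*?)(?: \[(.*)\])?$")

# Meaning of the TLS detail string for the client. Only the reason that
# appears on this page is mapped; anything else is reported as "unmapped".
HINTS = {
    "SSL certificate problem: unable to get local issuer certificate":
        "issuer (CA or intermediate) of the server certificate is not "
        "in the client's trusted CA set",
}

def summarize(lines):
    """Group CURL errors by (code, detail), in first-seen order."""
    groups = {}
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # shell prompts, blank or truncated lines
        if not isinstance(event, dict):
            continue
        m = CURL_RE.search(event.get("message", ""))
        if not m:
            continue  # e.g. "Elasticsearch connection is down" notices
        code, detail = int(m.group(1)), m.group(3) or ""
        g = groups.setdefault((code, detail), {
            "curl_code": code, "detail": detail, "count": 0,
            "first": event.get("@timestamp"),
            "hint": HINTS.get(detail, "unmapped"),
        })
        g["count"] += 1
        g["last"] = event.get("@timestamp")
    return list(groups.values())

# Constructed sample: same message text as the log above, other fields trimmed.
SAMPLE = [
    '{"@timestamp":"2023-03-29T21:32:24.430276101Z","log":{"level":"notice"},"message":"BulkQueueConsumer.cpp:100 Elasticsearch connection is down"}',
    '{"@timestamp":"2023-03-29T21:32:29.466972225Z","log":{"level":"error"},"message":"Http.cpp:327 CURL error 60: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: unable to get local issuer certificate]"}',
    'root@thehivevm:/opt/Elastic# sudo elastic-agent status',
    '{"@timestamp":"2023-03-29T21:32:34.500944647Z","log":{"level":"error"},"message":"Http.cpp:327 CURL error 60: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: unable to get local issuer certificate]"}',
]

if __name__ == "__main__":
    for group in summarize(SAMPLE):
        print(group)
```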
