ELK in docker - fleet server on the host

Dear all,
Sorry for asking a question allready seen question but not enough details to solve the pb.

I install elk in docker according to the doc

Docker is running on a host 192.168.50.3.
Docker network is 172.19.0.0/16
(Elasticsearch in a container : IP 172.19.0.2 and kibana in another container IP: 172.19.0.3).
ELK version 8.10.4

Then installing Fleet A fleet server (on the host itself:IP 192.168.50.3)

 sudo ./elastic-agent install \
  --fleet-server-es=https://172.19.0.3:9200 \
  --fleet-server-service-token=XXXXXXXXXXXXXXXXXXXX \
  --fleet-server-policy=fleet-server-policy \
  --fleet-server-es-ca-trusted-fingerprint=XXXXXXXXXXXXXX \
  --fleet-server-port=8220

Everything is fine - get logs

Now trying to add an agent on another linux server
Registering without any problem (with option insecure)
But not logs.

  1. My Hypothesis is that the agent is using 172.19.0.3 as the output.
    As this is on the internal docker network is fails. Is this correct ?

  2. According to some other posts. I tried to change the output to
    https://192.168.50.3:9200
    (comment the line xpack.fleet.outputs: [....
    in kibana.yaml

Now I can define the default output to 192.168.0.3
Now I can register fleet server (with install option --fleet-server-es-insecure)

But now no logs from the agent on the host...

So my questions:
In order to accept agents and to get logs from the fleet server on the host AND from agents on some other machines
1° What is the recommended configuration ?
2° When changing the output, what is the command to renew the certificate properly.

Thank you for your attention.
Best regards,
Ken

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.