Dear all,
Sorry for asking a question allready seen question but not enough details to solve the pb.
I install elk in docker according to the doc
Docker is running on a host 192.168.50.3.
Docker network is 172.19.0.0/16
(Elasticsearch in a container : IP 172.19.0.2 and kibana in another container IP: 172.19.0.3).
ELK version 8.10.4
Then installing Fleet A fleet server (on the host itself:IP 192.168.50.3)
sudo ./elastic-agent install \
--fleet-server-es=https://172.19.0.3:9200 \
--fleet-server-service-token=XXXXXXXXXXXXXXXXXXXX \
--fleet-server-policy=fleet-server-policy \
--fleet-server-es-ca-trusted-fingerprint=XXXXXXXXXXXXXX \
--fleet-server-port=8220
Everything is fine - get logs
Now trying to add an agent on another linux server
Registering without any problem (with option insecure)
But not logs.
-
My Hypothesis is that the agent is using 172.19.0.3 as the output.
As this is on the internal docker network is fails. Is this correct ? -
According to some other posts. I tried to change the output to
https://192.168.50.3:9200
(comment the line xpack.fleet.outputs: [....
in kibana.yaml
Now I can define the default output to 192.168.0.3
Now I can register fleet server (with install option --fleet-server-es-insecure)
But now no logs from the agent on the host...
So my questions:
In order to accept agents and to get logs from the fleet server on the host AND from agents on some other machines
1° What is the recommended configuration ?
2° When changing the output, what is the command to renew the certificate properly.
Thank you for your attention.
Best regards,
Ken