Sorry for asking a question allready seen question but not enough details to solve the pb.
I install elk in docker according to the doc
Docker is running on a host 192.168.50.3.
Docker network is 172.19.0.0/16
(Elasticsearch in a container : IP 172.19.0.2 and kibana in another container IP: 172.19.0.3).
ELK version 8.10.4
Then installing Fleet A fleet server (on the host itself:IP 192.168.50.3)
sudo ./elastic-agent install \ --fleet-server-es=https://172.19.0.3:9200 \ --fleet-server-service-token=XXXXXXXXXXXXXXXXXXXX \ --fleet-server-policy=fleet-server-policy \ --fleet-server-es-ca-trusted-fingerprint=XXXXXXXXXXXXXX \ --fleet-server-port=8220
Everything is fine - get logs
Now trying to add an agent on another linux server
Registering without any problem (with option insecure)
But not logs.
My Hypothesis is that the agent is using 172.19.0.3 as the output.
As this is on the internal docker network is fails. Is this correct ?
According to some other posts. I tried to change the output to
(comment the line xpack.fleet.outputs: [....
Now I can define the default output to 192.168.0.3
Now I can register fleet server (with install option --fleet-server-es-insecure)
But now no logs from the agent on the host...
So my questions:
In order to accept agents and to get logs from the fleet server on the host AND from agents on some other machines
1° What is the recommended configuration ?
2° When changing the output, what is the command to renew the certificate properly.
Thank you for your attention.