I m trying to integrate elastic endpoint security into my ELK stack, i have successfully install fleet and elastic agent to my endpoint but the issue is endpoint is not appearing in endpoint management in kibana.
But endpoint is working fine it blocking threats showing alerts etc but not appearing in management so i can't isolate host through elastic endpoint .
When i restart fleet agent the host appear in management but after 3 min they disappeared and show an error " [elastic_agent][error] Could not communicate with fleet-server Checking API will retry, error: fail to checkin to fleet-server: Post "https://x.x.x.x:8220/api/fleet/agents/4a94fbb2-5074-448d-9fc4-0da3154e8863/checkin?": dial tcp x.x.x.x:8220: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond." . There is no communication restriction between them.
Verify the host where you have the endpoint installed can connect to your Fleet server, e.g.
curl -k -v https://fleet-host:8220.
Endpoint hosts are connected to fleet server.
I enrolled Windows OS as a fleet and it works fine but when I enrolled CentOS as a fleet with the same configuration it shows error.
Since Windows works by CentOS does not it sounds like this could be an SSL certificate issue. Are you using a self signed certificate for your Elastic stack? Can you reach Fleet using
curl -v https://fleet-host:8820?
Yes, I m using Self-signed certificate and able to reached curl -v https://fleet-host:8220
Did you do anything so the Windows machines can reach Fleet? Either the self signed certificates certificate authority needs to be added to the host machines or your Fleet configuration needs to be modified to share the certificate or alter the SSL verification options.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.