Error: fail to checkin to fleet-server

Elastic Security Endpoint Security
,
1

Hi!

  • I'm using Elastic Cloud SIEM
  • My elastic agent is installed in AWS on EC2
  • Elastic agent has policy with integrations: system (send system logs & metrics), fleet server & office 365 Logs (module integration)
    On Friday I've added the office 365 Logs module and the agent stopped working (went offline). This is what logs are currently on agents itself.
11:59:57.517 elastic_agent
[elastic_agent][error] Could not communicate with fleet-server Checking API will retry, error: fail to checkin to fleet-server: Post "https://ip-17X-XX-X-XX4.eu-central-1.compute.internal:XXXX/api/fleet/agents/21XXXXXX91/checkin?": dial tcp 17X-XX-X-XX4:XXXX: connect: connection refused
12:06:23.837 elastic_agent
[elastic_agent][error] Could not communicate with fleet-server Checking API will retry, error: fail to checkin to fleet-server: Post "https://ip-17X-XX-X-XX4.eu-central-1.compute.internal:XXXX/api/fleet/agents/21XXXXXX91/checkin?": dial tcp 17X-XX-X-XX4:XXXX: connect: connection refused
12:13:02.547 elastic_agent
[elastic_agent][error] Could not communicate with fleet-server Checking API will retry, error: fail to checkin to fleet-server: Post "https://ip-17X-XX-X-XX4.eu-central-1.compute.internal:XXXX/api/fleet/agents/21XXXXXX91/checkin?": dial tcp 17X-XX-X-XX4:XXX: connect: connection refused

Before adding office 365 module, agents was online and was sending system logs & metrics.

The agent is stuck on the error since then.

Edit:
I connected to EC2 instance and run ./elastic-agent
Output:

sudo ./elastic-agent
2021-12-20T11:27:10.441Z        INFO    application/application.go:67   Detecting execution mode
2021-12-20T11:27:10.448Z        INFO    application/application.go:76   Agent is managed locally
2021-12-20T11:27:10.448Z        INFO    capabilities/capabilities.go:59 capabilities file not found in /home/ec2-user/elastic-agent-7.15.0-linux-x86_64/capabilities.yml
2021-12-20T11:27:10.874Z        INFO    [composable.providers.docker]   docker/docker.go:43     Docker provider skipped, unable to connect: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
2021-12-20T11:27:10.875Z        INFO    [api]   api/server.go:62        Starting stats endpoint
2021-12-20T11:27:10.878Z        INFO    application/local_mode.go:168   Agent is starting
2021-12-20T11:27:10.878Z        INFO    application/local_mode.go:172   Agent is stopped
Error: listen tcp 127.0.0.1:6789: bind: address already in use
2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.