Hi,
How to use one elastic-agent on host where elastic stack is deployed to be as fleet server and filebeat collecting udp syslog messages? I red that elastic agent can be use for fleet server and data collection simultaneously.
I added integrations to default fleet server policy but i don't see open ports listening for syslog input messages.
Fleet server enrolled succesfully.
Could you help me, maybe i misunderstood something?
The steps you took should have enabled that Elastic Agent to start listening for syslog input messages, if you installed the integration that adds it.
What integration did you add to the Default Fleet Server policy?
I added system, palo alto and juniper integration. Before i used it in 7.12.0 without fleet server and worked fine. After update to 7.14i started to have problems. I added integrations with the same settings as before update.
Can you check the logs view for that Elastic Agent, is an errors reports? Does it say the policy is out of date?
I restarted kibana process and then fleet server and integrations started to listen on port. Only palo alto integration doesnt show any logs in discovery logs-panw* pattern. I see port is open for this integration. Docs are incementing in logs-panw index but when i create pattern and then choose it in discover section i dont see any new logs.
False alarm.
I reinstalled elastic-agent to make clear new enrollment and have the same problem. 
Where can i find this logs? Policy is up to date.
The logs should be present inside of Kibana. You can select the Elastic Agent and click the Logs tab. Inside that tab it should show all the logs for that agent.
I noticed even i set up ip address x.x.x.x:8220 for the fleet server in netstat i see
:::8220 :::* LISTEN 0 613345 5610/fleet-server
Probably need to get the logs from the system to see what is going on, I think there is some other issue occurring, because you should have logs in Kibana if data is shipping.
What OS are you installing Elastic Agent on?
I left elastic agent started and after few hours ports where opened and everything started to work. I don't know why it's working that way? My OS is Debian
No I don't know why it would take that long to get started, it should be up in a few minutes tops. That is strange behavior.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.