Fleet server no data from other elastic agents

alex_96 · June 15, 2022, 8:00pm

Hello, I recently installed elastic + kibana + elastic agent (all versions 7.17.4) on ubuntu 20.04, I have a cluster of one node with self-signed certificates, after setting up I installed elastic-agent (fleet server) everything is fine with it, I see events in system intergration and some other integrations, but when connecting elastic-agent from another host (located on the same subnet as the fleet server), I don’t see any data in any of the integrations, a few logs and settings that I did:

because the secure cluster connected the fleet agent using the following command:

elastic-agent enroll --url=https://ip:8220 --enrollment-token=<token> --certificate-authorities=..../ca.crt

There are no errors in the agent logs on the remote host, here are some of them:

2022-06-15T22:26:32.267+0300    INFO    log/reporter.go:40      2022-06-15T22:26:32+03:00 - message: Application: filebeat--7.17.4[228bc966-694b-445d-b508-53b29575b5a9]: State changed to STARTING: Start>
2022-06-15T22:26:32.604+0300    INFO    operation/operator.go:284       operation 'operation-install' skipped for filebeat.7.17.4
2022-06-15T22:26:32.604+0300    INFO    operation/operator.go:284       operation 'operation-start' skipped for filebeat.7.17.4
2022-06-15T22:26:32.618+0300    INFO    process/configure.go:50 initiating restart of 'filebeat_monitoring' due to config change
2022-06-15T22:26:34.134+0300    INFO    log/reporter.go:40      2022-06-15T22:26:34+03:00 - message: Application: filebeat--7.17.4--36643631373035623733363936343635[228bc966-694b-445d-b508-53b29575b5a9]>
2022-06-15T22:26:34.210+0300    INFO    log/reporter.go:40      2022-06-15T22:26:34+03:00 - message: Application: metricbeat--7.17.4[228bc966-694b-445d-b508-53b29575b5a9]: State changed to CONFIG: Updat>
2022-06-15T22:26:34.251+0300    INFO    log/reporter.go:40      2022-06-15T22:26:34+03:00 - message: Application: filebeat--7.17.4[228bc966-694b-445d-b508-53b29575b5a9]: State changed to CONFIG: Updatin>
2022-06-15T22:26:34.439+0300    INFO    log/reporter.go:40      2022-06-15T22:26:34+03:00 - message: Application: filebeat--7.17.4--36643631373035623733363936343635[228bc966-694b-445d-b508-53b29575b5a9]>
2022-06-15T22:26:35.015+0300    INFO    operation/operator.go:284       operation 'operation-install' skipped for metricbeat.7.17.4
2022-06-15T22:26:35.015+0300    INFO    operation/operator.go:284       operation 'operation-start' skipped for metricbeat.7.17.4
2022-06-15T22:26:35.017+0300    INFO    process/configure.go:50 initiating restart of 'metricbeat_monitoring' due to config change
2022-06-15T22:26:35.540+0300    INFO    log/reporter.go:40      2022-06-15T22:26:35+03:00 - message: Application: metricbeat--7.17.4--36643631373035623733363936343635[228bc966-694b-445d-b508-53b29575b5a>
2022-06-15T22:26:35.814+0300    INFO    log/reporter.go:40      2022-06-15T22:26:35+03:00 - message: Application: metricbeat--7.17.4--36643631373035623733363936343635[228bc966-694b-445d-b508-53b29575b5a>
2022-06-15T22:26:35.814+0300    INFO    stateresolver/stateresolver.go:66       Updating internal state
2022-06-15T22:26:37.318+0300    INFO    log/reporter.go:40      2022-06-15T22:26:37+03:00 - message: Application: filebeat--7.17.4--36643631373035623733363936343635[228bc966-694b-445d-b508-53b29575b5a9]>
2022-06-15T22:26:37.362+0300    INFO    log/reporter.go:40      2022-06-15T22:26:37+03:00 - message: Application: metricbeat--7.17.4--36643631373035623733363936343635[228bc966-694b-445d-b508-53b29575b5a>

tcpdump between hosts:

22:32:00.382872 IP vb.8220 > 192.168.100.228.60372: Flags [.], ack 1, win 501, options [nop,nop,TS val 599984355 ecr 343132880], length 0
22:32:00.383521 IP 192.168.100.228.60372 > vb.8220: Flags [.], ack 1, win 501, options [nop,nop,TS val 343147984 ecr 599969346], length 0
22:32:00.485428 IP 192.168.100.228.60372 > vb.8220: Flags [.], ack 1, win 501, options [nop,nop,TS val 343148086 ecr 599969346], length 0
22:32:00.485533 IP vb.8220 > 192.168.100.228.60372: Flags [.], ack 1, win 501, options [nop,nop,TS val 599984457 ecr 343147984], length 0
22:32:15.487284 IP vb.8220 > 192.168.100.228.60372: Flags [.], ack 1, win 501, options [nop,nop,TS val 599999459 ecr 343147984], length 0
22:32:15.487910 IP 192.168.100.228.60372 > vb.8220: Flags [.], ack 1, win 501, options [nop,nop,TS val 343163089 ecr 599984457], length 0
22:32:15.602629 IP 192.168.100.228.60372 > vb.8220: Flags [.], ack 1, win 501, options [nop,nop,TS val 343163203 ecr 599984457], length 0
22:32:15.602721 IP vb.8220 > 192.168.100.228.60372: Flags [.], ack 1, win 501, options [nop,nop,TS val 599999575 ecr 343163089], length 0
22:32:30.591112 IP vb.8220 > 192.168.100.228.60372: Flags [.], ack 1, win 501, options [nop,nop,TS val 600014563 ecr 343163089], length 0

P.s .228 - agent, vb - fleet server

What could be the reason?

system · July 13, 2022, 10:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.