How to ask Elastic Defend to use Logstash as output?

I have created:

  • Fleet output (Name: OutLogstash, Type: Logstash, with Server SSL CA, Client SSL cert, Client SSL key)
  • Fleet Agent policy (Name: WinAgentPolicy, Output for integrations: OutLogstash)
  • In WinAgentPolicy, add Windows AD

Unfortunately, the Agent is unhealthy because of Elastic Defend - Elasticsearch connection failure

How to ask Elastic Defend to use Logstash as output?

As a first step, run elastic-endpoint test output from an elevated command line:

"C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe" test output

or

sudo /Library/Elastic/Endpoint/elastic-endpoint test output

or

/opt/Elastic/Endpoint/elastic-endpoint test output

and please do not forget to indicate your stack version when asking questions.

Also, what is the license you are using? A paid license or the free basic license?

Do you have any other fleet output configured and being used?

This is really embarrassing. The test output says:
Logstash server: 172.19.171.160:5044
Status: OpenSSL library call failed

The Agent became healthy after I re-pasted the Server SSL CA, Client SSL cert and Client SSL key in the Logstash output again.
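
The thread ends with the SSL fields being re-pasted to clear "OpenSSL library call failed". As an added example (not from the thread and not Elastic's code), this Python check lints a PEM field for copy/paste damage before it goes into a Fleet output, assuming the fields hold standard PEM text. The function names are hypothetical and the sample PEM is constructed, not a real certificate.

```python
import base64
import re

# Matches one PEM block; the label in BEGIN and END must be identical.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def lint_pem(text: str) -> list:
    """Return the problems found in a pasted PEM field (empty list = clean)."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no complete BEGIN/END block (markers missing, mismatched, or line breaks lost)"]
    problems = []
    if PEM_BLOCK.sub("", text).strip():
        problems.append("stray text outside the PEM block(s)")
    for label, body in blocks:
        lines = body.splitlines()
        if any(line != line.strip() for line in lines):
            problems.append(f"{label}: leading/trailing whitespace on a line")
        try:
            der = base64.b64decode("".join(l.strip() for l in lines), validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der_length_ok(der):
            problems.append(f"{label}: DER length mismatch (truncated or corrupted)")
    return problems

def make_pem(label: str, payload_len: int = 300) -> str:
    """Constructed sample: a correctly framed DER SEQUENCE, not a real cert."""
    der = (b"\x30\x82" + payload_len.to_bytes(2, "big") + bytes(range(256)) * 2)
    der = der[:4 + payload_len]
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
```

A clean result only shows the text is well-framed PEM; it does not verify that the client certificate matches its key or chains to the CA.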