How to ask Elastic Defend to use Logstash as output?

kevinlin · June 24, 2024, 6:00am

I have created:

Fleet output (Name: OutLogstash, Type: Logstash, with Server SSL CA, Client SSL cert, Client SSL key)
Fleet Agent policy (Name: WinAgentPolicy, Output for integrations: OutLogstash )
In WinAgentPolicy, add Windows AD

Unfortunately, Agent unhealthy cause by Elastic Defend - Elasticsearch connection failure

lesio · June 24, 2024, 12:36pm

As a first step run from elevated command line elastic-endpoint test output

"C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe" test output

or

sudo /Library/Elastic/Endpoint/elastic-endpoint test output

or

/opt/Elastic/Endpoint/elastic-endpoint test output

and please do not forget to indicate your stack version when asking questions.

leandrojmp · June 24, 2024, 12:38pm

Also, what is the license you are using? A paid license or the free basic license?

Do you have any other fleet output configured and being used?

kevinlin · June 25, 2024, 7:48am

This is really embarrassing. The test output says:
Logstash server: 172.19.171.160:5044
Status: OpenSSL library call failed

Agent become healthy after I re-paste Server SSL CA, Client SSL cert and Client SSL key in Logstash output again.

system · July 23, 2024, 7:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Endpoint Security without using Fleet Endpoint Security fleet	10	2093	November 1, 2021
Elastic agent input gives bad_certificate in Logstash Logstash	0	7	August 29, 2024
ElasticAgent enrolled with Fleet server - Connection failure Elastic Defend Elastic Agent	8	19	October 22, 2024
Logstash output to elasticsearch - SSL Logstash	2	13982	January 8, 2020
Elastic agent - Fleet x509: certificate signed by unknown authority Elastic Security elastic-stack-security , fleet , elastic-agent	2	2134	November 4, 2022