How to ask Elastic Defend to use Logstash as output?

kevinlin · June 24, 2024, 6:00am

I have created:

Fleet output (Name: OutLogstash, Type: Logstash, with Server SSL CA, Client SSL cert, Client SSL key)
Fleet Agent policy (Name: WinAgentPolicy, Output for integrations: OutLogstash )
In WinAgentPolicy, add Windows AD

Unfortunately, Agent unhealthy cause by Elastic Defend - Elasticsearch connection failure

lesio · June 24, 2024, 12:36pm

As a first step run from elevated command line elastic-endpoint test output

"C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe" test output

or

sudo /Library/Elastic/Endpoint/elastic-endpoint test output

or

/opt/Elastic/Endpoint/elastic-endpoint test output

and please do not forget to indicate your stack version when asking questions.

leandrojmp · June 24, 2024, 12:38pm

Also, what is the license you are using? A paid license or the free basic license?

Do you have any other fleet output configured and being used?

kevinlin · June 25, 2024, 7:48am

This is really embarrassing. The test output says:
Logstash server: 172.19.171.160:5044
Status: OpenSSL library call failed

Agent become healthy after I re-paste Server SSL CA, Client SSL cert and Client SSL key in Logstash output again.

system · July 23, 2024, 7:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Output for Fleet Managed Elastic Agent Elastic Agent	1	190	September 15, 2023
FleetServer Policy with Logstash type output failing Elastic Agent fleet	7	503	May 11, 2023
Fleet Server seems to sent plain HTTP to Fleets Logstash Output Elastic Agent fleet	15	969	March 30, 2023
Fleet server agent output not supported Elastic Agent fleet	2	285	August 22, 2023
No incoming data to Logstash Output from Elastic Agents - Only Elasticsearch ouptut works Elasticsearch fleet	6	657	May 28, 2023