How to ask Elastic Defend to use Logstash as output?

kevinlin · June 24, 2024, 6:00am

I have created:

Fleet output (Name: OutLogstash, Type: Logstash, with Server SSL CA, Client SSL cert, Client SSL key)
Fleet Agent policy (Name: WinAgentPolicy, Output for integrations: OutLogstash )
In WinAgentPolicy, add Windows AD

Unfortunately, Agent unhealthy cause by Elastic Defend - Elasticsearch connection failure

lesio · June 24, 2024, 12:36pm

As a first step run from elevated command line elastic-endpoint test output

"C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe" test output

or

sudo /Library/Elastic/Endpoint/elastic-endpoint test output

or

/opt/Elastic/Endpoint/elastic-endpoint test output

and please do not forget to indicate your stack version when asking questions.

leandrojmp · June 24, 2024, 12:38pm

Also, what is the license you are using? A paid license or the free basic license?

Do you have any other fleet output configured and being used?

kevinlin · June 25, 2024, 7:48am

This is really embarrassing. The test output says:
Logstash server: 172.19.171.160:5044
Status: OpenSSL library call failed

Agent become healthy after I re-paste Server SSL CA, Client SSL cert and Client SSL key in Logstash output again.

system · July 23, 2024, 7:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.