Two agents on one sensor #12257
Two agents on one sensor
#12257
Replies: 1 comment 1 reply
-
|
Elastic agent configs are managed by fleet so you will find the configuration for elastic agents in SOC -> Elastic Fleet. The Elastic Agent also doesn't support multiple agents on the same host. What are you looking to achieve with this setup? |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Hello, Thank you for your response. I am looking to have additional output. We have two different Elastics that need to have same data basically. So, for example, agent would send data to Elastic1 and Elastic2 at the same time. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.100
Installation Method
Security Onion ISO image
Description
other (please provide detail below)
Installation Type
Distributed
Location
airgap
Hardware Specs
Meets minimum requirements
CPU
4
RAM
10
Storage for /
200
Storage for /nsm
200
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
Hello,
I need help achieving a configuration change in Security Onion (SO) 2.4. In the past, on SO 2.3, I had two Filebeat instances running on a sensor, with each of them sending logs to separate SO managers. Now, with the new SO 2.4, I want to replicate this setup, but I'm having trouble finding where to change the agent's output. According to the documentation, the elastic-agent.yml file should be located in /opt/so/conf/elastic-agent, but I can't seem to find it there.
Could someone guide me through this process?
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions