Replies: 1 comment 2 replies
-
|
I have the same issue. I found a workaround. I added my firewall's IP address in the elasticfleet / config /server / custom_fqdn field. Then I copied this file from default to local and modified line 167 it so it would use IP instead of DNS for the fqdn. Then ran a highstate to apply the changes. It's not elegant, but it works.
|
Beta Was this translation helpful? Give feedback.
-
|
Good tip. I am in a similar situation but with multiple sites with different firewalls. If I do this for each one of my subnets that require a different IP to reach the manager, can I just do this for each one generating a different exe for each scenario or will that break other agent configs? |
Beta Was this translation helpful? Give feedback.
-
|
This was a great fix for allowing the elastic agent to register in Fleet. It's showing as healthy and that's great. For Windows, we are utilizing the integration that brings in Windows Event Logs and Sysmon logs. It is here we have an additional problem: Filebeat is launched by elastic agent to ship the logs back to the manager but the Filebeat cert only references the FQDN/URL and the Internal IP...it doesn't have the custom_fqdn entry from earlier. What do I do to make sure Filebeat goes to the correct IP? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
We have Security Onion sitting behind a PFSense firewall. The certificates that are generated by the so-elastic-agent-get-installers do not have the ability to have a Subject Alternative Name (SAN). This would allow the agent to verify the certificate correctly when connecting to the firewall's hostname or IP. If the SAN could get pulled from the elasticfleet / config /server / custom_fqdn field, I think that would solve the issue.
I am using SO 2.4.50 with the downloaded elastic-agent files from SO manager.
Beta Was this translation helpful? Give feedback.
All reactions