Version: 2.4.70
Installation Method: Security Onion ISO image
Description: installation
Installation Type: Eval
Location: other (please provide detail below)
Hardware Specs: Exceeds minimum requirements
CPU: 4
RAM: 16
Storage for /: 69,2
Storage for /nsm: 133,7
Network Traffic Collection: other (please provide detail below)
Network Traffic Speeds: Less than 1Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: Yes, there are additional clues in /opt/so/log/ (please provide detail below)

Detail: After installing the Elastic Agents on two clients (Windows 10 and Ubuntu), I notice that the logs don't go back up to the SOC (Security Onion Console), and I've noticed the absence of logstash in the /opt/so/conf/ and /opt/so/log/ directories, and the command: sudo so-logstash-restart returns:
Replies: 1 comment
You specify above that your installation type is Eval (Evaluation mode). Evaluation Mode does not support remote agents.
If you downloaded your Elastic Agents from SOC Downloads, there should have been a red banner mentioning this:
This is also mentioned in several locations throughout the documentation. From https://docs.securityonion.net/en/2.4/elastic-agent.html#deployment:
From https://docs.securityonion.net/en/2.4/architecture.html#evaluation:
From https://docs.securityonion.net/en/2.4/downloads.html#downloads: