Do you need to remove and redeploy Elastic Agent if Manager Node was completely re-installed?

[MACKG17]

Version

2.4.100

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Distributed

Location

airgap

Hardware Specs

Exceeds minimum requirements

CPU

8

RAM

32

Storage for /

750

Storage for /nsm

750

Network Traffic Collection

span port

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

BACKGROUND: I just reloaded my entire SO Suite with Manager Node, 2x Search Nodes, and 2x Sensors. However, I have Elastic Agents installed on my endpoints that were installed previously from my 2.4.8 build that I just reloaded (not upgraded) with 2.4.100.

QUESTION: Do I have to uninstall and re-install Elastic Agent on my endpoints or will the agents connect to the new Manager Node and upgrade naturally? All configurations from 2.4.8 are the SAME as 2.4.100 in my network - nothing has changed, all ports and IPs and firewalls are configured as it was before.

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[kvkamin]

Agents deployed from your last system will try to connect if IP scheme is the same, but they were deployed with a different certificate. In my experience, you will probably have to uninstall/reinstall agents with new creds.

Are you getting a lot of SSL errors in /opt/so/log/logstash/logstash.log ?

[MACKG17]

Yeah that's what I'm going to do. Not seeing in errors but, it takes nothing to re-install