Proxy for Elastic Fleet #13717

networklord · 2024-09-23T11:04:19Z

networklord
Sep 23, 2024

Version

2.4.90

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Meets minimum requirements

CPU

4

RAM

16

Storage for /

200

Storage for /nsm

200

Network Traffic Collection

span port

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

Yes, there are salt failures (please provide detail below)

Logs

Yes, there are additional clues in /opt/so/log/ (please provide detail below)

Detail

Hi all,

On local network everything works fine, but there are remote systems which I want to install elastic agents. I saw that elastic agent has in configuration url https://manager_hostname:8220. So I tried to create Nginx config:

server {
server_name publicname;
listen 8220 ssl;
ssl_certificate /etc/nginx/cert/some.crt;
ssl_certificate_key /etc/nginx/cert/some.key;

location / {

    proxy_set_header   X-Real-IP              $remote_addr;
    proxy_set_header   Host                   $http_host;
    proxy_pass         https://10.1.0.100;

    proxy_set_header   X-Forwarded-Proto      $scheme;
 

     proxy_ssl_verify off;


}

}

Also have done same thing for port 8443 and 5055. But cannot connect, don't know which headers need to include or maybe is something else. I have enabled Public IP in SO section Allow Elastic Agent endpoints to send logs

Also found that in Elastic Fleet there is Beta Feature: Proxies, have not tried as it says it is Beta don't know if it is stable for production use.

Thanks in advance for you guidance

Guidelines

I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

Answered by defensivedepth

Sep 30, 2024

If I understand the setup correctly, you are looking for off-network agents to be able to connect up to Fleet, right?

This is what the dedicated Elastic Fleet Standalone Node is for - https://docs.securityonion.net/en/2.4/architecture.html#elastic-fleet-standalone-node

Deploy it to the DMZ or some type of configuration like that, and then your offnetwork agents can connect to it, send data, etc

View full answer

networklord · 2024-09-27T11:06:21Z

networklord
Sep 27, 2024
Author

My goal is to have endpoints (VPS, Laptops) sending data via elastic agent to SO

0 replies

defensivedepth · 2024-09-30T16:58:35Z

defensivedepth
Sep 30, 2024
Maintainer

If I understand the setup correctly, you are looking for off-network agents to be able to connect up to Fleet, right?

This is what the dedicated Elastic Fleet Standalone Node is for - https://docs.securityonion.net/en/2.4/architecture.html#elastic-fleet-standalone-node

Deploy it to the DMZ or some type of configuration like that, and then your offnetwork agents can connect to it, send data, etc

1 reply

networklord Oct 5, 2024
Author

Thank you very much

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Proxy for Elastic Fleet #13717

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Proxy for Elastic Fleet #13717

Uh oh!

Uh oh!

networklord Sep 23, 2024

Version

Installation Method

Description

Installation Type

Location

Hardware Specs

CPU

RAM

Storage for /

Storage for /nsm

Network Traffic Collection

Network Traffic Speeds

Status

Salt Status

Logs

Detail

Guidelines

Replies: 2 comments · 1 reply

Uh oh!

networklord Sep 27, 2024 Author

Uh oh!

defensivedepth Sep 30, 2024 Maintainer

Uh oh!

networklord Oct 5, 2024 Author

networklord
Sep 23, 2024

Replies: 2 comments 1 reply

networklord
Sep 27, 2024
Author

defensivedepth
Sep 30, 2024
Maintainer

networklord Oct 5, 2024
Author