no alerts after upgrading to 2.4.130 #14391
-
|
Grid is all green, plenty of logs being collected, PCAP folders are still filling up. Zero alerts showing in the SOC or the SO Alert Dashboard in Kibana. "FleetServer_securityonion" agent is healthy in fleet manager but the "securityonion" agent has been offline since upgrading. It's probably something easy I'm missing but I'm done shouting obscenities through my house. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
When creating a discussion please use the 2.4 category and fill out the questions. This helps answer common questions for troubleshooting. Try running If command is not found or in an unhealthy state a quick fix might be install /reinstall agent uninstall install |
Beta Was this translation helpful? Give feedback.
-
|
Apologies for the incorrect category format. Had some issues getting the agent installed initially because a highstate process was already running but eventually the above command did get it installed. Thanks for your help!! |
Beta Was this translation helpful? Give feedback.
When creating a discussion please use the 2.4 category and fill out the questions. This helps answer common questions for troubleshooting.
Try running
sudo elastic-agent statusIf command is not found or in an unhealthy state a quick fix might be install /reinstall agent
uninstall
sudo elastic-agent uninstall -finstall
sudo salt-call state.apply elasticfleet.install_agent_grid