Uncategorised

Elastic Agent: Installation & Configuration

November 15, 2023 Leave a Comment

How to install Elastic Agent in Linux?

$ cd curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.4.2-linux-x86_64.tar.gz
$ tar xzvf elastic-agent-8.4.2-linux-x86_64.tar.gz
$ cd elastic-agent-8.4.2-linux-x86_64
$ mv elastic-agent.yml elastic-agent.yml-
$ vi elastic-agent.yml
$ sudo ./elastic-agent install
$ systemctl status elastic-agent
$ systemctl stop elastic-agent
$ sudo systemctl stop elastic-agent
$ sudo systemctl status elastic-agent
$ sudo systemctl start elastic-agent
$ sudo systemctl status elastic-agent

Elastic Agent Commands

  completion  Generate the autocompletion script for the specified shell
  diagnostics Gather diagnostics information from the elastic-agent and running processes.
  enroll      Enroll the Agent into Fleet
  help        Help about any command
  inspect     Shows configuration of the agent
  install     Install Elastic Agent permanently on this system
  restart     Restart the currently running Elastic Agent daemon
  run         Start the elastic-agent.
  status      Status returns the current status of the running Elastic Agent daemon.
  uninstall   Uninstall permanent Elastic Agent from this system
  upgrade     Upgrade the currently running Elastic Agent to the specified version
  version     Display the version of the elastic-agent.
  watch       Watch watches Elastic Agent for failures and initiates rollback.

$ cd /opt/Elastic/Agent/
$ systemctl stop elastic-agent
$ vi elastic-agent.yml
$ systemctl start elastic-agent
$ systemctl status elastic-agent
$ ./elastic-agent install -h
$ ./elastic-agent -h
$ ./elastic-agent inspect
$ ./elastic-agent /opt/Elastic/Agent
$ ./elastic-agent status
$ ./elastic-agent version
$ ./elastic-agent watch
$ ./elastic-agent uninstall

How to avoid a certificates issues?

Reference

  • https://www.scmgalaxy.com/tutorials/elast-agent-error-received-fatal-alert-bad_certificate/
  • https://www.elastic.co/guide/en/fleet/current/elastic-agent-cmd-options.html
  • https://www.elastic.co/guide/en/fleet/current/secure-connections.html

How to verify the Metrices and Logs?

Some Commands Reference

sudo ./elastic-agent install \
  --fleet-server-es=https://10.13.233.1:9200 \
  --fleet-server-es-ca=/home/ubuntu/ca/ca.crt \
  --fleet-server-es-insecure \
  --insecure \
  --fleet-server-service-token=<token> \
  --fleet-server-policy=fleet-server-policy

sudo ./elastic-agent install \
  --url=https://fleetserver:8220 \
  --enrollment-token=<token> \
  --insecure

sudo elastic-agent status

sudo /opt/elastic-agent-8.0.0-linux-x86_64/elastic-agent install --url=https://10.0.0.10:8220 \
 --fleet-server-es=https://10.0.0.10:9200 \
 --fleet-server-service-token=<Token> \
 --fleet-server-policy=<Policy> \
 --certificate-authorities=/vagrant/ca.crt \
 --fleet-server-es-ca=/etc/pki/fleet/ca.crt \
 --fleet-server-cert=/etc/pki/fleet/fleet.crt \
 --fleet-server-cert-key=/etc/pki/fleet/fleet.key

sudo /opt/elastic-agent-8.0.0-linux-x86_64/elastic-agent install

sudo /opt/elastic-agent-8.0.0-linux-x86_64/elastic-agent install -f \
  --url=https://10.0.0.10:8220 \
  --enrollment-token=<Token> \
  --certificate-authorities=/vagrant/ca.crt

Installation layout of Elastic Agent

MacOS

/Library/Elastic/Agent/*
Elastic Agent program files
/Library/Elastic/Agent/elastic-agent.yml
Main Elastic Agent configuration
/Library/Elastic/Agent/fleet.enc
Main Elastic Agent Fleet encrypted configuration
/Library/Elastic/Agent/data/elastic-agent-*/logs/elastic-agent.ndjson
Log files for Elastic Agent and Beats shippers [1]
/usr/bin/elastic-agent
Shell wrapper installed into PATH
You can install Elastic Agent in a custom base path other than /Library. When installing Elastic Agent with the ./elastic-agent install command, use the --base-path CLI option to specify the custom base path.

Linux

/opt/Elastic/Agent/*
Elastic Agent program files
/opt/Elastic/Agent/elastic-agent.yml
Main Elastic Agent configuration
/opt/Elastic/Agent/fleet.enc
Main Elastic Agent Fleet encrypted configuration
/opt/Elastic/Agent/data/elastic-agent-*/logs/elastic-agent.ndjson
Log files for Elastic Agent and Beats shippers [1]
/usr/bin/elastic-agent
Shell wrapper installed into PATH
You can install Elastic Agent in a custom base path other than /opt. When installing Elastic Agent with the ./elastic-agent install command, use the --base-path CLI option to specify the custom base path.

Windows

C:\Program Files\Elastic\Agent*
Elastic Agent program files
C:\Program Files\Elastic\Agent\elastic-agent.yml
Main Elastic Agent configuration
C:\Program Files\Elastic\Agent\fleet.enc
Main Elastic Agent Fleet encrypted configuration
C:\Program Files\Elastic\Agent\data\elastic-agent-*\logs\elastic-agent.ndjson
Log files for Elastic Agent and Beats shippers [1]
You can install Elastic Agent in a custom base path other than C:\Program Files. When installing Elastic Agent with the .\elastic-agent.exe install command, use the --base-path CLI option to specify the custom base path.

Deb

/usr/share/elastic-agent/*
Elastic Agent program files
/etc/elastic-agent/elastic-agent.yml
Main Elastic Agent configuration
/etc/elastic-agent/fleet.enc
Main Elastic Agent Fleet encrypted configuration
/var/lib/elastic-agent/data/elastic-agent-*/logs/elastic-agent.ndjson
Log files for Elastic Agent and Beats shippers [1]
/usr/bin/elastic-agent
Shell wrapper installed into PATH

RPM

/usr/share/elastic-agent/*
Elastic Agent program files
/etc/elastic-agent/elastic-agent.yml
Main Elastic Agent configuration
/etc/elastic-agent/fleet.enc
Main Elastic Agent Fleet encrypted configuration
/var/lib/elastic-agent/data/elastic-agent-*/logs/elastic-agent.ndjson
Log files for Elastic Agent and Beats shippers [1]
/usr/bin/elastic-agent
Shell wrapper installed into PATH
Rajesh Kumar
Follow me
Latest posts by Rajesh Kumar (see all)
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x