fleet
  • mikermcneil

    mikermcneil

    11/22/2022, 12:14 AM
    Any ideas for Joseph?
  • a

    Alessandro

    11/22/2022, 5:13 PM
    Hello everybody! I am just looking for a confirmation here: we have reinstalled our Fleet server on an existing infrastructure so, apart from reconfiguring admin user, email, etc., we also got a new enroll key. However we would like to migrate the hosts that were previously enrolled with the old enroll key since the number is considerable and making a new onboarding will take quite some effort. How do you recommend me to approach this?
    1. Adding the old enroll secret and use that as a multiple enroll secret keeping the new one
    2. Trying to rotate the new enroll secret for the old enroll secret (if this is even making sense https://fleetdm.com/docs/deploying/faq#how-can-enroll-secrets-be-rotated)
    3. Replace the new enroll key with the old enroll key (I have tried to find an equivalent of `kubectl replace` or piping the file content to `kubectl apply -f -`, but I did not find a command to replace an entire config)
    Any other advice on how to make it happen without changing the config at host level?
  • w

    wennan.he

    11/22/2022, 9:28 PM
    Hi Fleet team, when I create a pack, does osquery store it locally once it reads it from Fleet? And how does it store it? And I see there is a folder of packs with some .conf files including a lot of queries; are they the local files with default pack queries?
  • o

    Ojas

    11/23/2022, 5:20 AM
    Hey Team, I see a file called secret orbit not key in my folder and it is not secure. End users can access it and I wanted to check what it is used for. The secret file has the key to communicate with the Fleet server, but I am not sure about secret-orbit-not-key.
  • a

    Adrian Junge

    11/23/2022, 2:10 PM
    Hello everyone, is there any possible way to define policies in fleet comparing eg running processes with a black- or whitelist, but without having to list every entry from the list manually in the specific query?
  • r

    Reza Kazemy

    11/26/2022, 9:36 AM
    Hi, is there any way to specify the identifier for a specific user that they had installed the osquery agent?
  • t

    Terje Kvernes

    11/29/2022, 12:22 PM
    We have some metadata on hosts that we would like to have available to join into some searches. This is metadata like purchase orders, location, and similar. This data is not located on each host, but in a central system that we can extract data from. How would I go about making this data available in fleet? I am happy to write an extension or script table generation as needed, as long as I can find an outline of how to (correctly?) solve the issue. 🙂
  • c

    charles

    11/29/2022, 10:41 PM
    does anyone ship custom osquery tables with their fleet installs today? it seems supported but wanted to know if there were any real hairy details
  • Mystery Incorporated

    Mystery Incorporated

    12/01/2022, 11:12 AM
    How do you enable the user info queries on teams when you do not have a per team config? or is it a requirement that you create a per team config so you can enable user info queries team by team?
  • j

    Jörg Sachse

    12/01/2022, 12:37 PM
    Hi everyone, I'm looking for help regarding the Schedule feature of the latest (v4.23.0) FleetDM server. Using "Schedule -> Advanced", I can navigate to a list of packs, all of which (I installed some) are currently enabled. Does this mean that they are already executed regularly? But on which hosts, and how often? If I use the basic "Schedule" feature, I can only pick single queries for scheduling, but not whole packs. How can I execute a pack anyway? Thank you for any help that you can provide.
  • t

    Terje Kvernes

    12/01/2022, 2:12 PM
    Is there a way to avoid the noise of “Requires Fleet Premium license” in the logs for the proxy we have in front of fleet? We can theoretically have that specific URL log to /dev/null, but that sounds a bit horrible. 😛
  • a

    Adrian Junge

    12/01/2022, 2:56 PM
    Hello everyone, is it possible to manipulate the data sent from a Fleetclient to the central Fleetserver? Or is the integrity of the data guaranteed and if so how?
  • Mystery Incorporated

    Mystery Incorporated

    12/02/2022, 7:12 AM
    Hello, why are vulnerabilities not being removed when vulnerable apps are updated?
  • Mystery Incorporated

    Mystery Incorporated

    12/02/2022, 7:13 AM
    It lists my device as one of the 4 vulnerable, but you can see, my teams app was updated days ago.
  • j

    Joseph Edward

    12/02/2022, 8:47 PM
    Hi Everybody - What would be the quickest way to establish a device posture for several EC2 instances I spin up as an example? Apologies for asking such a broad/naive question - this is re: the Tailscale Device Posture Check idea from above. I do not have a ton of experience with the Fleet API yet, but it is my next step. I wanted to know what the simplest possible configuration I could test against would be before I start diving into a bunch of examples - are there any preconfigured EC2 policies?
  • s

    Steve L

    12/02/2022, 10:09 PM
    Hi everyone, quick question, can I use Fleet to ship syslogs to my PRTG syslog server? I would like to make a use case for my new company.
  • Mystery Incorporated

    Mystery Incorporated

    12/03/2022, 2:00 AM
    Is it right to say that the users listed in fleet for linux devices are only users that have a shell? So for example, it is not listing the nginx www-data user.
  • Mystery Incorporated

    Mystery Incorporated

    12/03/2022, 3:44 AM
    The check device managed by MDM policy says this
  • r

    Reza Kazemy

    12/04/2022, 10:41 AM
    Hello everybody. Sorry, when I installed the fleet-osquery.msi, I started to get results like "-" 400 157 "-" "-" on my Nginx Log. Could anyone please help me get through this?
  • r

    Reza Kazemy

    12/04/2022, 10:43 AM
    I will send any configuration that is needed in order to figure this out. Please leave comments for me. Thank you.
  • a

    Anoop K V

    12/06/2022, 5:33 AM
    Hi Team, while doing file carving, sometimes these fail with the below error logged in osquery for the last block upload. As these carves intermittently succeed, it does not look to me like a configuration issue. Any pointers here? { "message": "save block data: s3 multipart carve upload: AccessDenied: Access Denied\n\tstatus code: 403, request id: XXXX, host id: XXXXX", "errors": [ { "name": "base", "reason": "save block data: s3 multipart carve upload: AccessDenied: Access Denied\n\tstatus code: 403, request id: XXXXX, host id: XXXX" } ] }
  • s

    sharvil

    12/07/2022, 10:31 AM
    hey @Graham Anderson posting the question here https://osquery.slack.com/archives/C08V7KTJB/p1670408244539229
  • g

    Graham Anderson

    12/07/2022, 10:31 AM
    @sharvil aaah thanks!
  • r

    Raghavendra Hiremath

    12/07/2022, 3:25 PM
    Hello All, in Fleet, how is the Fleet UI authenticating with Redis ("https://fleetdm.com/docs/deploying/server-installation")? I don't see how Fleet works with Redis.
  • p

    peanut butter

    12/07/2022, 6:54 PM
    I have built my own osquery with a new table. When I run the shell it works well, also the new table. But when I run the service and run a query on it, the service gets stopped, and when I run it again I get the result from that query. This problem happens with any query.
  • j

    Jacob Shandling

    12/07/2022, 7:24 PM
    Hi All! I have recently joined the UI engineering team at Fleet, and look forward to helping improve your experience using the web interface.
  • s

    Scott McQueen

    12/07/2022, 9:24 PM
    Hey All, after following the Fleet Docs for Google Workspace SSO, I'm getting nginx errors when doing a test login with a user that already existed with a matching email in Google: https://fleetdm.com/docs/deploying/configuration#google-workspace-idp-configuration
  • d

    Daniel

    12/07/2022, 9:33 PM
    Silly question: where is fleet storing logs for the UI webserver (apart from streaming them as kubernetes logs via the container)? Where do we specify where we want these logs to go etc?