is anybody running fleet behind rev-proxy (traffic) ? I am seeing issues , most likely, related to websockets

btw is there any way to disable web sockets in fleet ?

It looks like

sha256sum fleet.zip

command returns different result

1476e27814861bc7964f1c0db122cb156d56996f1612518c330c522ba24368f4

for fleet.zip in http://github.com/fleetdm/fleet/releases/tag/3.5.1. Is it okay?

Another question, can we remove some query from denylist using Fleet?

osquery_scheduled

returned denylisted=1 for query, but without any hardware utilization metrics. In my opinion, it looks like mismatch. Is it a way to remove this special query from denylist without direct access to client laptop and not to wait 24 hours?

Question about configuring FleetDM for Docker, specifically using Docker Swarm. The documentation for configuring the binary states

mysql_password

accepts a string but is it possible to provide a path to a file that contains the password, say to a Docker secret:

/run/secrets/fleetdm-mysql-password

? I assume the answer is it’s not supported currently but I wanted to ask.

Hello, I was wondering, does the old

launcher

works with the new

fleet

? If not, what is the preferred method to deploy? (We were packaging

launcher

and deploying it through MDM) Thank you,

Hello, would you please tell me what impact will fleet and osquery have on the osquery client when fleet and osquery communications are cut off?Will the regular query task set on the Fleet server continue?

Question: Is there a plan to have (or reason to not have) a global search option in Fleet UI to quickly find the hosts that are enrolled? I would want an easy way to verify if a host is added on Fleet?

I saw there is a --timeout flag in a fleetctl which is a nice feature. Is there anything similar in the WebUI. I've been running a simple query over 1389 hosts and under one minute 1386 of them returned results. Then the query runs forever I think (at least I have waited few mins before stopping this). What's the core of this problem. Could have this been mitigated in fleet or osquery ?

How do I use fleetctl as a single sign-on user? I’ve tried “fleetctl login” and supplied my email, but when it asks for password, I don’t have one to provide. I’ve tried pulling the API key from my profile on the GUI and supplying that, but it gets rejected as “The credentials supplied were invalid”

Hi everyone. I have a question about fleet options. When setting an option in Fleet, does that override the local osquery client option that's set in the flags file? For example, if we have logger_plugin: tls at Fleet, but logger_plugin: tls,filesystem configured on our clients, which one 'wins'?

Yesss! I've got to try this out in FF as well.

For context: https://osquery.slack.com/archives/C01DXJL16D8/p1608054542328100

Hey y’all, I am creating a blog post on: • Installing/setting up FleetDM manually on Ubuntu 20.04 • Installing/setting up FleetDM with an Ansible playbook • Installing/setting up FleetDM with Docker-compose v2.x, • Installing/setting up FleetDM with Docker swarm v3.X. • How to manually install Osquery on Windows and Ubuntu • How to install Osquery on endpoints with an Ansible playbook • Section on converting an Osquery query pack to the YAML format to upload to FleetDM with FleetCTL • Section on creating query pack via webgui • Section on running live queries with FleetCTL • Section on running live queries with web gui • Section on the new file carve feature in FleetDM In a thread below, please add any additional items I should cover in my blog post for first time FleetDM users.

API Documentation Format I noticed you currently use pure Markdown file for the API documentation, would it be okay to switch to OpenAPI format? There are a couple of reasons I think this would be a good move: • The format is almost a standard and can be parsed by a lot of tools which makes testing, and spinning mock servers much easier. • In case the API documentation will be added to the website or published a more structured format, doing that will be a simpler conversion or running it through a tool. • Easier to contribute to since there are many editors that simplify the process of adding new endpoints and request/response details. Do you think it will be okay if I switched to this format and sent my PR for the rest of the documentation in OpenAPI format?

fleet carving feedback <thread>

We are maxing out the 5351 mysql connections provided by our

db.m4.4xlarge

type host. Is that normal? Why are there so many database connections?

Also, we are getting our pods evicted due to storage limits, caused by 21G

/tmp/osquery_status

files. My gut says this is related to the lack of database connections (like, osquery_status gets cleared when it gets written to the database, or something). Is that correct?

Are you seeing that same error message? Do you see the same value for

host_identifier

in the log line?

Hi guys, is there a way to configure the

overrides

section for all linux platforms? In example, i want to enable

enable_syslog

flag for all linux boxes, from what i see i need to have a section for ubuntu, rhel, centos... isnt it?

Hello, may I ask if I deleted the pack pack on fleet UI, but the log of pack pack query will still be generated? What's the situation?

Hello, when I am running distributed query on Fleet UI it completes and says some of the hosts failed. What does that exactly mean ? Is it possible to identify which hosts have failed ? Thanks

hello fleet. Does anyone know how to delete users from Fleet? We recently stood up a new text env and when we went to invite someone, they get a message that their token was not found in the data store, so they can't accept the invite. We need to get this person setup but can't do it now because of the pending invite. We also need to understand what that token expired or didn't get set. Is this all stored in mysql? has anyone run into this before? We are using SSO via keycloak, not sure if that matters.

Hello, Fleet.I didn't have any certificates when I deployed Fleet. How can I use the generated certificates when I deploy a new set?

is there any guidance on running fleet on k8s?

Hey Fleet community. Is there a way to export the hosts out of Fleet in general, or for a specific label or labels? We are looking to try and audit what's registered vs what isn't and the way we have done that to date is to run a simple ad-hoc query and then export the results. That said, I routinely see these UI queries get stuck after completing on some # of hosts. I am theorizing that this is because some of the hosts are offline, but I don't know for sure. First question, is if there's a better way to export the clients and the follow up is what causes the ad-hoc queires to get stuck? I know that we can use the --exit flag with fleetctl and that skips offline hosts, but assume the UI doesn't do that. FYI, we are still on the last Kolide Fleet version so if any of the behavior has changed with what I'm going to ask about, let me know.

That's how I have it and it's not working as expected (seems to be uuid by default)

I'm looking at https://fleetdm.com/ and noticed it updated with two pricing models; is there a difference between

Core

and

Basic

?

hey everyone. we have the need to export pack config from one fleet env to another. I know Kolide had this tool - https://github.com/kolide/configimporter though as they have gotten out of the fleet biz, it's deprecated. The notes in the repo suggest using this script to convert the packs to yaml and then import them. Is this what people are doing, or does fleetdm have a tool (i couldn't find one)?

Launcher communicates over GRPC which uses HTTP/2 and is not always well supported by load balancers. Could this be the issue?