set the channel topic: ☁️ 🚀 The latest version of Fleet is 4.31.1. More info: https://github.com/fleetdm/fleet/releases/tag/fleet-v4.31.1 Upgrade now: https://github.com/fleetdm/fleet/releases/latest

Hello! How can I set the log level for an orbit agent so that only the WARN and higher level is logged? Now I get many logs 'INF calling flags update'.

Hey all, Has the live query API endpoint changed? I can seem to get it to work: https://fleetdm.com/docs/using-fleet/rest-api#run-live-query I get the error "one of query or query_id must be specified" I did find this: https://fleetdm.com/docs/contributing/api-for-contributors#run-live-query But my setup does not allow for opening a websocket to get the results. is there a solution that will work over only HTTP?

Hey everyone! I'm experiencing odd behavior in my Fleet deploy and would like to let you know as I think it's a bug: Recently there was a change in the users on my machine (a Ubuntu 22.04): a new user was added to the system (an active user whose shell is

/usr/bin/zsh

). I expected this change to be reflected on the host details page in Fleet, but it never happened. I refetched a few times and nothing happened, until I decided to remove the machine from Fleet and wait for it to join again. Now that the machine has rejoined, users no longer load. I've already tested the

usersQueryStr

query locally, used by the server to populate the host_users table, and it returns the desired users in

osqueryi

. I'm currently using version 4.31.0 of Fleet.

Please forgive my ignorance (learning Kubernetes while learning to deploy Fleet), but is there a way to check what failed? The only change I made to the default

values.yml

was that I disabled TLS for Fleet in addition to MySQL.

🏗️ New commits pushed to Fleet »

Hi fleet team, we have trouble in prepare db. root@nXXXXXX:/# /usr/bin/fleet prepare db \

--mysql_address=[mysql_ip]:3306 \

--mysql_database=[db] \

--mysql_username=[user_name] \

--mysql_password="[mysql_pwd]"

Failed to start: creating db connection: Error 1045: Access denied for user 'XXXXXX'@'XXXXXX' (using password: YES) we tried from our host connect to mysql and it works. but it keeps failing when we running the command of prepare db. plz advice.

Hi all, has anyone been able to run fleet using redis v7.0.5? We are having an issue starting up the process. More details in the 🧵

$ sudo /usr/local/bin/fleet serve --config /etc/fleetdm/fleetdm.yml
Using config file: /etc/fleetdm/fleetdm.yml
Failed to start: initialize Redis: refresh cluster: redisc: all nodes failed
ERR unknown command 'CLUSTER', with args beginning with: 'SLOTS'

I've just joined this channel, so hello everyone! So I've just setup Fleet in our demo environment, created and installed the fleet agent msi on test device. the device isn't appearing in Fleet. How long does it take to appear in Fleet? Is there a way I can force a check-in? Or have I missed a step somewhere? Many thanks in advance 🙏

Hello everyone! To start using Orbit do I need to uninstall the previous Osquery installation on my machines or can I install over it and it will handle it? (ask for Linux, macOS and Windows)

🏗️ New commits pushed to Fleet »

[MDM Support] Hey folks, I’m looking to hire Fleet for my company and have some questions: • do you support Ubuntu 20+ devices ? • Is there any location restriction?

Hey! Getting a bunch of errors like this, has anyone seen this before?

TLS handshake error from 35.191.26.147:50390: EOF

Hi fleet team, is the osquery version shown in the page of hosts actually comes from osquery_info table from agent side?

🏗️ New commits pushed to Fleet »

Hi team. In many production servers orbit-agent is trying to start cyclically, but can't do that. We get errors like :

May 19 15:10:39 HOST systemd[1]: Started Orbit osquery.
May 19 15:10:39 HOST orbit[2667636]: 2023-05-19T15:10:39+03:00 INF running with auto updates disabled
May 19 15:10:39 HOST orbit[2667636]: 2023-05-19T15:10:39+03:00 INF token rotation is enabled
May 19 15:10:39 HOST orbit[2667636]: 2023-05-19T15:10:39+03:00 INF start osqueryd cmd="/opt/orbit/bin/osqueryd/linux/5.7.0/osqueryd --pidfile=/opt/orbit/osquery.pid --database_path=/opt/orbit/osquery.db --extensions_socket=/opt/orbit/orbit-osquery.em --logger_path=/opt/orbit/osquery_log --enroll_secret_env ENROLL_SECRET --host_identifier=uuid --tls_hostname=HOSTNAME --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls,filesystem --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_disable_function=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=2000000 --tls_server_certs /opt/orbit/certs.pem --augeas_lenses /opt/orbit/lenses --force --flagfile /opt/orbit/osquery.flags"
May 19 15:10:39 HOST osqueryd[2667654]: osqueryd started [version=5.7.0]
May 19 15:11:09 HOST orbit[2667636]: 2023-05-19T15:11:09+03:00 INF calling flags update
May 19 15:11:49 HOST orbit[2667636]: 2023-05-19T15:11:49+03:00 ERR unexpected exit error="extension socket stat timeout"

In Fleet server status of agents is "offline" . What we should do with this error? How can we start agents? Orbit: 1.5.0 Osquery: 5.7.0 Debian: 11 .

Hey everyone, can anyone please provide me the fleet binary for linux_arch64 ?

Hello, we noticed that the hostname of certain devices that we fetched shows up similar to the example full host name listed below when doing a GET on a certain asset. Is there anyway to show just first part of the hostname. Our separate MDM usually sets this hostname right after we enroll our devices

🏗️ New commits pushed to Fleet »

Hi everyone, glad to be here. I have a question. I am trying to run a live query using rest API. But I am getting error 400. I am making a request to https://internal_fleet_instance/api/v1/fleet/queries/run and my payload is

{
  "query_ids": [
    "<<create_query.body.query.id>>"
  ],
  "host_ids": [
    "<<get_hosts.body.host.id>>"
  ]
}

And error message is -

"name": "base", "reason":"Expected JSON Body"

. I do have correct host id and query id but the result says json body is needed I have even tried with hard coded values in payload but live query api call is failing for me. Has anyone any insights on what am I missing here?

I am using it in SOAR platform, sending get request from there.

I noticed a similar error when I had an extra ‘/’ in the request URL. Can you view the request url and body as they are being sent from your platform?

Hello y'all, can I schedule a query to run every minute instead of the lowest 15 under the Schedule tab?

👋 running fleetdm with MariaDB (10.5.19 which I guess might not be supported?) and running into the

Something's gone wrong

error in Hosts among other places. Any thoughts? Happy to provide more info 🙂

Hey everyone! I am running into an issue with fleet. We recently set it up on a kubernetes cluster, and I created a package for macos. After I installed that package, orbit properly reports to the fleet server on the kubernetes cluster, tells it what software the client users,... you know the whole thing it needs to do. However, one essential part of the functionality is not working at all for some reason and I can't seem to figure it out: When I want to run either scheduled or custom queries, it is always stuck on 0% responded.

I already altered the nginx config on kubernetes to it would allow websocket traffic as well

but that doesn't fix the issue either

has anyone else encountered this issue, and how did you solve it?

Can you check the Fleet server and your browser’s dev console for errors? What happens if you run a query using

fleetctl

?

@Kathy Satterlee I just enabled verbose on the osquery binary locally, to see if it could actually reach the server. And I see requests like this, instead of going to the server:

==> <http://osqueryd.INFO|osqueryd.INFO> <==
I0524 17:09:37.731740 1880961024 tls.cpp:263] TLS/HTTPS POST request to URI: <https://localhost:58887/api/v1/osquery/config>

==> osqueryd.INFO.20230524-170837.11915 <==
I0524 17:09:37.731740 1880961024 tls.cpp:263] TLS/HTTPS POST request to URI: <https://localhost:58887/api/v1/osquery/config>

==> <http://osqueryd.INFO|osqueryd.INFO> <==
I0524 17:09:39.536824 1883828224 tls.cpp:263] TLS/HTTPS POST request to URI: <https://localhost:58887/api/v1/osquery/distributed/read>

==> osqueryd.INFO.20230524-170837.11915 <==
I0524 17:09:39.536824 1883828224 tls.cpp:263] TLS/HTTPS POST request to URI: <https://localhost:58887/api/v1/osquery/distributed/read>