crimsonknave
12/18/2018, 3:36 PM
brownie
12/20/2018, 8:38 AM
Zveroboy152
12/20/2018, 6:52 PM
Woogs
12/21/2018, 6:53 PM
brownie
12/26/2018, 4:38 PM
defensivedepth
12/27/2018, 9:52 PM
stefanmaerz
12/28/2018, 2:24 PM
groob
eli_pro
01/02/2019, 6:29 PM
Kevin
01/03/2019, 3:23 PM
eli_pro
01/03/2019, 9:34 PM
blaedj
01/03/2019, 10:06 PM
eli_pro
01/03/2019, 10:12 PM
daniel319b
01/07/2019, 7:09 PM
InfosecGuruji
01/07/2019, 7:29 PM
saito
01/08/2019, 10:30 AM
harveywells
01/08/2019, 9:41 PM
InfosecGuruji
01/09/2019, 3:14 PM
lvferdi
01/10/2019, 6:44 PM
tls
when running this flagfile I get no logs written to /var/log/osquery/osqueryd.results.log
--logger_path=/var/log/osquery/
--logger_plugin=filesystem
--disable_events=false
--enroll_secret_path=/etc/osquery/enrollment_secret
--tls_hostname=mykolide.com
--host_identifier=hostname
--enroll_tls_endpoint=/api/v1/osquery/enroll
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_refresh=10
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
--disable_audit=false
--audit_allow_config=true
--audit_persist=true
--audit_allow_sockets
but if I run osquery with --config_plugin=filesystem
--logger_plugin=filesystem
--disable_events=false
it works as expected and writes to file. Any reason the TLS configs would stop the filesystem logging?
Alan Orlikoski
01/10/2019, 6:53 PM
InfosecGuruji
01/12/2019, 8:03 PM
invalid property list
seph
--launcher_version nightly and see how it does? launcher --version should show a build today, version 0.7.0-4-ga3b6e0d
seph
<true></true> to <true/>. You will, of course, need to update to the head version of package-builder.
mbmy
01/14/2019, 9:33 PM
<dict>
<key>PathState</key>
<dict>
<key>/etc/kolide/secret</key><true/>
</dict>
</dict>
mbmy
01/14/2019, 9:37 PM
{"caller":"logutil.go:13","run service: enrolling host: query enrollment details: query enrollment details: could not query the extension manager client: EOF":"run launcher","severity":"info","ts":"2019-01-14T21:32:35.813567Z"}
by using version 0.7. Is that still the case for you?
Slackbot
01/14/2019, 9:47 PM
shed7
01/15/2019, 5:10 PM
maxwhite
01/15/2019, 8:14 PM
api/v1/kolide/sso/callback still the SSO endpoint for Kolide? (ACS URL)
jussiu
01/21/2019, 11:27 AM
Marc
01/22/2019, 4:39 AM