Alejandro
11/29/2019, 12:09 PMget expiry window setting: Error 1054: Unknown column 'host_expiry_window' in 'field list'
any ideas what might be happening?Gavin
12/02/2019, 7:15 PMnyanshak
12/05/2019, 4:59 PMalpha-queries
, with query names my-awesome-query-alpha
• deploy change to second set of hosts by updating a pack called beta-queries
, with query names my-awesome-query-beta
• repeat for each additional environment
• then the queries will be logged with different pack names / query names, and alerts based on them would need to take into account the weird naming schema as well
I guess this whole thing sounds fairly tedious and frustrating, because there's a lot of duplication of effort, duplication of packs / queries, duplication of alerting rules, etc. I'm kind of assuming / hoping that I'm missing something that's obvious to other teams, and if not, how different teams have solved the problems here.
Maybe a better way would be a feature request to add "query versions" and be able to target different versions of queries to different labels.Matt K
12/05/2019, 8:03 PMfilesystem
to pubsub
, and I've switched the configs, made the topics, etc. I have the GOOGLE_APPLICATION_CREDENTIALS
env var set to the filepath of my service account, but I keep getting Error initializing service: initializing osquery logging: create pubsub status logger: create pubsub client: pubsub: google: could not find default credentials
... has anyone run into this before?nyanshak
12/05/2019, 10:54 PMDavid Alexander
12/06/2019, 12:03 AMnyanshak
12/06/2019, 1:21 AMnyanshak
12/08/2019, 7:15 PMfelix
12/09/2019, 10:32 AMapiVersion: v1
kind: pack
spec:
description: test
id: 3
name: test
queries:
- description: ""
interval: 10
name: Info
platform: ""
query: Info
removed: false
shard: 100
snapshot: true
version: ""
targets:
labels:
- All Hosts
b0l
12/09/2019, 10:52 PMfelix
12/11/2019, 1:13 PMSherwin
12/12/2019, 3:51 PMatom
12/12/2019, 6:02 PMSeren
12/12/2019, 8:54 PMpackage-builder
, or a way to specify it when invoking launcher? Or does it need to be added to the system-wide certificate store on each client system?grant seltzer
12/13/2019, 6:05 PMSherwin
12/13/2019, 7:12 PMChris B
12/13/2019, 7:23 PMSherwin
12/16/2019, 7:36 PMSeren
12/18/2019, 12:00 AMemails.go
when building fleetctl
on Mac OS:
$ make fleetctl
mkdir -p build/linux
mkdir -p build/darwin
go build -i -o build/fleetctl -ldflags " -X <http://github.com/kolide/kit/version.appName=fleetctl|github.com/kolide/kit/version.appName=fleetctl> -X <http://github.com/kolide/kit/version.version=2.4.0-6-gb524d813-dirty|github.com/kolide/kit/version.version=2.4.0-6-gb524d813-dirty> -X <http://github.com/kolide/kit/version.branch=master|github.com/kolide/kit/version.branch=master> -X <http://github.com/kolide/kit/version.revision=b524d813ca7ee2935ddc0f0ea86d0bd60fc35888|github.com/kolide/kit/version.revision=b524d813ca7ee2935ddc0f0ea86d0bd60fc35888> -X <http://github.com/kolide/kit/version.buildDate=2019-12-17T23:42:10Z|github.com/kolide/kit/version.buildDate=2019-12-17T23:42:10Z> -X <http://github.com/kolide/kit/version.buildUser=seren|github.com/kolide/kit/version.buildUser=seren> -X <http://github.com/kolide/kit/version.goVersion=go1.13.4|github.com/kolide/kit/version.goVersion=go1.13.4>" ./cmd/fleetctl
# <http://github.com/kolide/fleet/server/kolide|github.com/kolide/fleet/server/kolide>
server/kolide/emails.go:93:23: undefined: Asset
make: *** [fleetctl] Error 2
Has anyone run into this?zwass
Ahmed
12/22/2019, 8:05 PMAhmed
12/24/2019, 3:44 PMchristran
12/25/2019, 8:01 AMjsanchez
12/26/2019, 8:45 PMseph
Mil D
12/30/2019, 8:06 AMfleetctl query --query 'select * from osquery_info;' --labels='All Hosts'
0% responded (0% online) | 0/0 targeted hosts (0/0 online)
wtheaker
01/06/2020, 6:57 PMlaudecay
01/06/2020, 8:17 PMseph
transport: received the unexpected content-type \“text/htmlSounds like it’s not connecting to the GRPC endpoint, and is instead getting https.
felix
01/14/2020, 8:52 AM