https://github.com/osquery/osquery logo
Join Slack
Powered by
Hello everyone. Sorry, I have one issue that I wou...
# fleet
r
Hello everyone. Sorry, I have one issue that I would like to discuss with you. I have installed the fleet desktop on my computer (v4.22.1). and sometimes Fleet Desktop icon will not appear on my desktop. I think when I restart my server the fleet agent gets some trouble connecting to the server again. Are there any configs that I need to check ??
k
Hi @Reza! I'd recommend checking the Fleet Desktop logs to see if there are any clues there:
• Linux: 
$XDG_STATE_HOME/Fleet
or 
$HOME/.local/state/Fleet
• macOS: 
$HOME/Library/Logs/Fleet
• Windows: 
%LocalAppData%/Fleet
The log file name is 
fleet-desktop.log
r
Hi @Kathy Satterlee Thank you for your attention. Here is the log: These are the latest result that I had got.
Copy code
2023-05-12T01:33:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:38:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:43:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:48:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:53:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:58:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T19:45:03+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T19:45:14+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T19:45:41+04:30 INF token file changed, rechecking
2023-05-12T19:45:41+04:30 DBG disabling tray items
2023-05-12T19:45:41+04:30 DBG successfully refetched the token from disk
2023-05-12T19:45:42+04:30 DBG enabling tray items
2023-05-12T19:45:42+04:30 INF token file changed, rechecking
2023-05-12T19:45:42+04:30 DBG disabling tray items
2023-05-12T19:45:42+04:30 DBG successfully refetched the token from disk
2023-05-12T19:45:43+04:30 DBG enabling tray items
2023-05-12T19:47:14+04:30 INF Shutdown was requested!
2023-05-12T19:47:14+04:30 INF exit
2023-05-12T19:47:24+04:30 INF fleet-desktop version=1.3.1
2023-05-12T19:47:24+04:30 INF Comm channel was acquired
2023-05-12T19:47:25+04:30 INF ready
2023-05-12T19:47:25+04:30 DBG successfully refetched the token from disk
2023-05-12T19:47:26+04:30 DBG enabling tray items
2023-05-12T19:52:25+04:30 INF token file changed, rechecking
2023-05-12T19:52:25+04:30 DBG disabling tray items
2023-05-12T19:52:25+04:30 DBG successfully refetched the token from disk
2023-05-12T19:52:25+04:30 DBG enabling tray items
2023-05-12T19:52:26+04:30 INF token file changed, rechecking
2023-05-12T19:52:26+04:30 DBG disabling tray items
2023-05-12T19:52:26+04:30 DBG successfully refetched the token from disk
2023-05-12T19:52:26+04:30 DBG enabling tray items
2023-05-12T19:57:26+04:30 INF token file changed, rechecking
2023-05-12T19:57:26+04:30 DBG disabling tray items
2023-05-12T19:57:26+04:30 DBG successfully refetched the token from disk
2023-05-12T19:57:26+04:30 DBG enabling tray items
2023-05-12T19:57:26+04:30 DBG disabling tray items
2023-05-12T19:57:26+04:30 DBG successfully refetched the token from disk
2023-05-12T19:57:27+04:30 DBG enabling tray items
2023-05-12T20:02:20+04:30 INF exit
I just want to mention that one of my colleagues has the same issue as me on macOS however the log is different and fleet desktop icon just would say connecting here is the log for that:
Copy code
2023-05-13T16:10:39+03:30 DBG successfully refetched the token from disk

2023-05-13T16:10:39+03:30 ERR get device URL error="unauthenticated, or invalid token"

2023-05-13T16:10:44+03:30 DBG successfully refetched the token from disk

2023-05-13T16:10:44+03:30 ERR get device URL error="unauthenticated, or invalid token"

2023-05-13T16:10:49+03:30 DBG successfully refetched the token from disk

2023-05-13T16:10:49+03:30 ERR get device URL error="unauthenticated, or invalid token"

2023-05-13T16:10:54+03:30 DBG successfully refetched the token from disk

2023-05-13T16:10:54+03:30 ERR get device URL error="unauthenticated, or invalid token"

2023-05-13T16:10:59+03:30 DBG successfully refetched the token from disk

2023-05-13T16:10:59+03:30 ERR get device URL error="unauthenticated, or invalid token"

2023-05-13T16:11:04+03:30 DBG successfully refetched the token from disk

2023-05-13T16:11:04+03:30 ERR get device URL error="unauthenticated, or invalid token"

2023-05-13T16:11:09+03:30 DBG successfully refetched the token from disk

2023-05-13T16:11:09+03:30 ERR get device URL error="unauthenticated, or invalid token"

2023-05-13T16:11:14+03:30 DBG successfully refetched the token from disk

2023-05-13T16:11:14+03:30 ERR get device URL error="unauthenticated, or invalid token"

2023-05-13T16:11:19+03:30 DBG successfully refetched the token from disk

2023-05-13T16:11:19+03:30 ERR get device URL error="unauthenticated, or invalid token"
And Sometimes I do not get the unauthenticated error in the log file.
Copy code
| {"component":"http","err":": Authentication required","internal":"authentication error: invalid device authentication token","level":"info","path":"/api/latest/fleet/device/f10f252f-98e0-49d7-9579-4c302f8f3a47/desktop","ts":"2023-05-13T12:58:15.177743674Z"}
@Kathy Satterlee Should I upgrade the fleet desktop to a newer version??
@Kathy Satterlee Hi. Could you help me with my issue? I really need this. Sorry for bothering you.
k
Can you send over the Orbit logs as well? https://fleetdm.com/docs/using-fleet/orbit#logs
r
@Kathy Satterlee sure, I will send you the results as soon as possible.
@Kathy Satterlee Hi. Here are the latest logs as you asked. I can include more lines if you want to.
Copy code
I0529 09:48:53.933686 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 18
I0529 09:48:54.499902 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 16
I0529 09:48:55.325038 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 51
I0529 09:48:55.894472 15720 interfaces.cpp:130] Failed to retrieve physical state for interface 51
I0529 09:48:55.981992 15720 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 51
I0529 09:48:56.043208 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 21
I0529 09:48:56.405907 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 2
I0529 09:48:57.735041 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 1
I0529 09:48:58.071655 15720 interfaces.cpp:130] Failed to retrieve physical state for interface 1
I0529 09:48:58.175223 15720 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 1
W0529 09:49:10.768491 17260 watcher.cpp:397] osqueryd worker (19768) stopping: Maximum sustainable CPU utilization limit exceeded: 12
2023-05-29T09:49:16+04:30 ERR unexpected exit error="deregistering extension: The pipe is being closed."
2023-05-29T09:49:17+04:30 INF running with auto updates disabled
2023-05-29T09:49:18+04:30 INF Failed to connect to Fleet server. Osquery connection may fail. error="dial for validate: verify certificate: x509: certificate is not valid for any names, but wanted to match <http://fleet.iap.ir|fleet.iap.ir>"
2023-05-29T09:49:18+04:30 INF token rotation is enabled
2023-05-29T09:49:18+04:30 INF using insecure TLS proxy addr=localhost:65105 target=<https://fleet.iap.ir:8443/>
2023-05-29T09:49:18+04:30 INF start osqueryd cmd="C:\\Program Files\\Orbit\\bin\\osqueryd\\windows\\stable\\osqueryd.exe --pidfile=C:\\Program Files\\Orbit\\osquery.pid --database_path=C:\\Program Files\\Orbit\\osquery.db --extensions_socket=\\\\.\\pipe\\orbit-osquery-extension --logger_path=C:\\Program Files\\Orbit\\osquery_log --enroll_secret_env ENROLL_SECRET --host_identifier=uuid --tls_hostname=localhost:65105 --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls,filesystem --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_disable_function=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=2000000 --tls_server_certs C:\\Program Files\\Orbit\\proxy\\fleet.crt --force --flagfile C:\\Program Files\\Orbit\\osquery.flags"
2023-05-29T09:49:18+04:30 INF killing any pre-existing fleet-desktop instances
2023-05-29T09:49:18+04:30 INF opening path="C:\\Program Files\\Orbit\\bin\\desktop\\windows\\stable\\fleet-desktop.exe"
I0529 09:49:19.535375  6632 interface.cpp:137] Registering extension (com.fleetdm.orbit.osquery_extension.v1, 19411, version=, sdk=)
I0529 09:49:23.781205 13460 eventfactory.cpp:156] Event publisher not enabled: ntfs_event_publisher: NTFS event publisher disabled via configuration
I0529 09:49:26.227126 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 18
I0529 09:49:26.792397 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 16
I0529 09:49:27.825057 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 51
I0529 09:49:28.020710 19400 interfaces.cpp:130] Failed to retrieve physical state for interface 51
I0529 09:49:28.063891 19400 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 51
I0529 09:49:28.084123 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 21
I0529 09:49:28.298921 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 2
I0529 09:49:29.283834 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 1
I0529 09:49:29.494470 19400 interfaces.cpp:130] Failed to retrieve physical state for interface 1
I0529 09:49:29.538328 19400 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 1
E0529 09:49:33.302614 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89606: no such table: plist
E0529 09:49:34.621181 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89608: no such table: mounts
E0529 09:49:34.623375 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89610: no such table: alf
E0529 09:49:34.623924 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89611: no such table: managed_policies
E0529 09:49:35.110601 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89629: no such table: managed_policies
E0529 09:49:35.111601 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89630: no such table: alf
E0529 09:49:35.277271 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89632: no such table: plist
E0529 09:49:35.278852 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89633: no such table: mounts
2023-05-29T09:49:48+04:30 INF calling flags update
2023-05-29T09:50:18+04:30 INF calling flags update
2023-05-29T09:50:48+04:30 INF calling flags update
E0529 09:51:17.186219 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89637: no such table: managed_policies
E0529 09:51:17.190696 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89639: no such table: plist
E0529 09:51:18.537561 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89641: no such table: alf
2023-05-29T09:51:18+04:30 INF calling flags update
E0529 09:51:19.740813 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89644: no such table: mounts
2023-05-29T09:51:48+04:30 INF calling flags update
2023-05-29T09:52:18+04:30 INF calling flags update
2023-05-29T09:52:48+04:30 INF calling flags update
2023-05-29T09:53:18+04:30 INF calling flags update
E0529 09:53:47.882241 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89647: no such table: alf
E0529 09:53:47.883317 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89648: no such table: managed_policies
E0529 09:53:47.885655 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89649: no such table: mounts
E0529 09:53:48.470268 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89652: no such table: plist
2023-05-29T09:53:48+04:30 INF calling flags update
6 Views
Open in Slack
PreviousNext
Powered by