Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
r
Reza
05/06/2023, 5:57 AMHello everyone.
Sorry, I have one issue that I would like to discuss with you.
I have installed the fleet desktop on my computer (v4.22.1). and sometimes Fleet Desktop icon will not appear on my desktop. I think when I restart my server the fleet agent gets some trouble connecting to the server again.
Are there any configs that I need to check ??
k
Kathy Satterlee
05/08/2023, 3:43 PMHi @Reza! I'd recommend checking the Fleet Desktop logs to see if there are any clues there:
• Linux:or$XDG_STATE_HOME/Fleet$HOME/.local/state/Fleet
• macOS:$HOME/Library/Logs/Fleet
• Windows:%LocalAppData%/Fleet
The log file name isfleet-desktop.log
r
Reza
05/13/2023, 5:16 AMHi @Kathy Satterlee
Thank you for your attention.
Here is the log:
These are the latest result that I had got.
2023-05-12T01:33:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:38:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:43:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:48:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:53:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T01:58:25+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T19:45:03+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T19:45:14+04:30 ERR get failing policies error="GET /api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop: Get \"<https://fleet.iap.ir:8443/api/latest/fleet/device/792bec1c-b61d-46ac-bd14-dab6a20b3030/desktop>\": net/http: TLS handshake timeout"
2023-05-12T19:45:41+04:30 INF token file changed, rechecking
2023-05-12T19:45:41+04:30 DBG disabling tray items
2023-05-12T19:45:41+04:30 DBG successfully refetched the token from disk
2023-05-12T19:45:42+04:30 DBG enabling tray items
2023-05-12T19:45:42+04:30 INF token file changed, rechecking
2023-05-12T19:45:42+04:30 DBG disabling tray items
2023-05-12T19:45:42+04:30 DBG successfully refetched the token from disk
2023-05-12T19:45:43+04:30 DBG enabling tray items
2023-05-12T19:47:14+04:30 INF Shutdown was requested!
2023-05-12T19:47:14+04:30 INF exit
2023-05-12T19:47:24+04:30 INF fleet-desktop version=1.3.1
2023-05-12T19:47:24+04:30 INF Comm channel was acquired
2023-05-12T19:47:25+04:30 INF ready
2023-05-12T19:47:25+04:30 DBG successfully refetched the token from disk
2023-05-12T19:47:26+04:30 DBG enabling tray items
2023-05-12T19:52:25+04:30 INF token file changed, rechecking
2023-05-12T19:52:25+04:30 DBG disabling tray items
2023-05-12T19:52:25+04:30 DBG successfully refetched the token from disk
2023-05-12T19:52:25+04:30 DBG enabling tray items
2023-05-12T19:52:26+04:30 INF token file changed, rechecking
2023-05-12T19:52:26+04:30 DBG disabling tray items
2023-05-12T19:52:26+04:30 DBG successfully refetched the token from disk
2023-05-12T19:52:26+04:30 DBG enabling tray items
2023-05-12T19:57:26+04:30 INF token file changed, rechecking
2023-05-12T19:57:26+04:30 DBG disabling tray items
2023-05-12T19:57:26+04:30 DBG successfully refetched the token from disk
2023-05-12T19:57:26+04:30 DBG enabling tray items
2023-05-12T19:57:26+04:30 DBG disabling tray items
2023-05-12T19:57:26+04:30 DBG successfully refetched the token from disk
2023-05-12T19:57:27+04:30 DBG enabling tray items
2023-05-12T20:02:20+04:30 INF exitI just want to mention that one of my colleagues has the same issue as me on macOS however the log is different and fleet desktop icon just would say connecting here is the log for that:
2023-05-13T16:10:39+03:30 DBG successfully refetched the token from disk
2023-05-13T16:10:39+03:30 ERR get device URL error="unauthenticated, or invalid token"
2023-05-13T16:10:44+03:30 DBG successfully refetched the token from disk
2023-05-13T16:10:44+03:30 ERR get device URL error="unauthenticated, or invalid token"
2023-05-13T16:10:49+03:30 DBG successfully refetched the token from disk
2023-05-13T16:10:49+03:30 ERR get device URL error="unauthenticated, or invalid token"
2023-05-13T16:10:54+03:30 DBG successfully refetched the token from disk
2023-05-13T16:10:54+03:30 ERR get device URL error="unauthenticated, or invalid token"
2023-05-13T16:10:59+03:30 DBG successfully refetched the token from disk
2023-05-13T16:10:59+03:30 ERR get device URL error="unauthenticated, or invalid token"
2023-05-13T16:11:04+03:30 DBG successfully refetched the token from disk
2023-05-13T16:11:04+03:30 ERR get device URL error="unauthenticated, or invalid token"
2023-05-13T16:11:09+03:30 DBG successfully refetched the token from disk
2023-05-13T16:11:09+03:30 ERR get device URL error="unauthenticated, or invalid token"
2023-05-13T16:11:14+03:30 DBG successfully refetched the token from disk
2023-05-13T16:11:14+03:30 ERR get device URL error="unauthenticated, or invalid token"
2023-05-13T16:11:19+03:30 DBG successfully refetched the token from disk
2023-05-13T16:11:19+03:30 ERR get device URL error="unauthenticated, or invalid token"And Sometimes I do not get the unauthenticated error in the log file.
| {"component":"http","err":": Authentication required","internal":"authentication error: invalid device authentication token","level":"info","path":"/api/latest/fleet/device/f10f252f-98e0-49d7-9579-4c302f8f3a47/desktop","ts":"2023-05-13T12:58:15.177743674Z"}@Kathy Satterlee
Should I upgrade the fleet desktop to a newer version??
@Kathy Satterlee
Hi. Could you help me with my issue? I really need this.
Sorry for bothering you.
k
Kathy Satterlee
05/22/2023, 2:07 PMCan you send over the Orbit logs as well?
https://fleetdm.com/docs/using-fleet/orbit#logs
r
Reza
05/28/2023, 3:18 AM@Kathy Satterlee sure, I will send you the results as soon as possible.
@Kathy Satterlee
Hi.
Here are the latest logs as you asked.
I can include more lines if you want to.
I0529 09:48:53.933686 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 18
I0529 09:48:54.499902 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 16
I0529 09:48:55.325038 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 51
I0529 09:48:55.894472 15720 interfaces.cpp:130] Failed to retrieve physical state for interface 51
I0529 09:48:55.981992 15720 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 51
I0529 09:48:56.043208 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 21
I0529 09:48:56.405907 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 2
I0529 09:48:57.735041 15720 interfaces.cpp:102] Failed to retrieve network statistics for interface 1
I0529 09:48:58.071655 15720 interfaces.cpp:130] Failed to retrieve physical state for interface 1
I0529 09:48:58.175223 15720 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 1
W0529 09:49:10.768491 17260 watcher.cpp:397] osqueryd worker (19768) stopping: Maximum sustainable CPU utilization limit exceeded: 12
2023-05-29T09:49:16+04:30 ERR unexpected exit error="deregistering extension: The pipe is being closed."
2023-05-29T09:49:17+04:30 INF running with auto updates disabled
2023-05-29T09:49:18+04:30 INF Failed to connect to Fleet server. Osquery connection may fail. error="dial for validate: verify certificate: x509: certificate is not valid for any names, but wanted to match <http://fleet.iap.ir|fleet.iap.ir>"
2023-05-29T09:49:18+04:30 INF token rotation is enabled
2023-05-29T09:49:18+04:30 INF using insecure TLS proxy addr=localhost:65105 target=<https://fleet.iap.ir:8443/>
2023-05-29T09:49:18+04:30 INF start osqueryd cmd="C:\\Program Files\\Orbit\\bin\\osqueryd\\windows\\stable\\osqueryd.exe --pidfile=C:\\Program Files\\Orbit\\osquery.pid --database_path=C:\\Program Files\\Orbit\\osquery.db --extensions_socket=\\\\.\\pipe\\orbit-osquery-extension --logger_path=C:\\Program Files\\Orbit\\osquery_log --enroll_secret_env ENROLL_SECRET --host_identifier=uuid --tls_hostname=localhost:65105 --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls,filesystem --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_disable_function=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=2000000 --tls_server_certs C:\\Program Files\\Orbit\\proxy\\fleet.crt --force --flagfile C:\\Program Files\\Orbit\\osquery.flags"
2023-05-29T09:49:18+04:30 INF killing any pre-existing fleet-desktop instances
2023-05-29T09:49:18+04:30 INF opening path="C:\\Program Files\\Orbit\\bin\\desktop\\windows\\stable\\fleet-desktop.exe"
I0529 09:49:19.535375 6632 interface.cpp:137] Registering extension (com.fleetdm.orbit.osquery_extension.v1, 19411, version=, sdk=)
I0529 09:49:23.781205 13460 eventfactory.cpp:156] Event publisher not enabled: ntfs_event_publisher: NTFS event publisher disabled via configuration
I0529 09:49:26.227126 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 18
I0529 09:49:26.792397 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 16
I0529 09:49:27.825057 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 51
I0529 09:49:28.020710 19400 interfaces.cpp:130] Failed to retrieve physical state for interface 51
I0529 09:49:28.063891 19400 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 51
I0529 09:49:28.084123 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 21
I0529 09:49:28.298921 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 2
I0529 09:49:29.283834 19400 interfaces.cpp:102] Failed to retrieve network statistics for interface 1
I0529 09:49:29.494470 19400 interfaces.cpp:130] Failed to retrieve physical state for interface 1
I0529 09:49:29.538328 19400 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 1
E0529 09:49:33.302614 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89606: no such table: plist
E0529 09:49:34.621181 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89608: no such table: mounts
E0529 09:49:34.623375 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89610: no such table: alf
E0529 09:49:34.623924 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89611: no such table: managed_policies
E0529 09:49:35.110601 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89629: no such table: managed_policies
E0529 09:49:35.111601 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89630: no such table: alf
E0529 09:49:35.277271 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89632: no such table: plist
E0529 09:49:35.278852 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89633: no such table: mounts
2023-05-29T09:49:48+04:30 INF calling flags update
2023-05-29T09:50:18+04:30 INF calling flags update
2023-05-29T09:50:48+04:30 INF calling flags update
E0529 09:51:17.186219 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89637: no such table: managed_policies
E0529 09:51:17.190696 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89639: no such table: plist
E0529 09:51:18.537561 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89641: no such table: alf
2023-05-29T09:51:18+04:30 INF calling flags update
E0529 09:51:19.740813 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89644: no such table: mounts
2023-05-29T09:51:48+04:30 INF calling flags update
2023-05-29T09:52:18+04:30 INF calling flags update
2023-05-29T09:52:48+04:30 INF calling flags update
2023-05-29T09:53:18+04:30 INF calling flags update
E0529 09:53:47.882241 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89647: no such table: alf
E0529 09:53:47.883317 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89648: no such table: managed_policies
E0529 09:53:47.885655 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89649: no such table: mounts
E0529 09:53:48.470268 19400 distributed.cpp:165] Error executing distributed query: fleet_distributed_query_89652: no such table: plist
2023-05-29T09:53:48+04:30 INF calling flags update