Title
#fleet
j

Joe

08/04/2022, 4:42 PM
Hi everyone, i'm in the process of upgrading osquery from v4.8.0 to v5.4.0 and after upgrading to 5.4.0, i did a config check and i get the results below.
[user@server ~]$ osqueryctl config-check
W0804 09:25:28.146324  9466 options.cpp:106] The CLI only flag --config_plugin set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146414  9466 options.cpp:106] The CLI only flag --config_tls_endpoint set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146471  9466 options.cpp:106] The CLI only flag --enroll_secret_path set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146488  9466 options.cpp:106] The CLI only flag --enroll_tls_endpoint set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146525  9466 options.cpp:106] The CLI only flag --logger_plugin set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146555  9466 options.cpp:106] The CLI only flag --tls_hostname set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146572  9466 options.cpp:106] The CLI only flag --tls_server_certs set via config file will be ignored, please usea flagfile or pass it to the process at startup
In addition when i try to configure the flag file i get the message below.
[user@server ~]$ osqueryd --verbose --flagfile /etc/osquery/osquery.flags
I0804 09:26:30.224347  9792 tls.cpp:255] TLS/HTTPS POST request to URI: https://*servername*/api/vi/osquery/enroll/
W0804 09:26:30.235630  9792 tls_enroll.cpp:101] Failed enrollment request to https://*servername*/api/vi/osquery/enroll/ (Cannot parse JSON: The document root must not be followed by other values. Offset: 4) retrying...
zwass

zwass

08/04/2022, 4:50 PM
Is that really a
/vi/
rather than
/v1/
in the path? That would definitely cause the issue if so.
j

Joe

08/04/2022, 4:52 PM
it is
/vi/
, should it be
/v1/
?
zwass

zwass

08/04/2022, 4:59 PM
Yes
j

Joe

08/04/2022, 5:00 PM
Ahhhh, i'll make a change and see if that works! Thanks for taking the time to look