Hi everyone i m in the process of upgrading osquery from v4 osquery #fleet

Hi everyone, i'm in the process of upgrading osque...

Joe

08/04/2022, 4:42 PM

Hi everyone, i'm in the process of upgrading osquery from v4.8.0 to v5.4.0 and after upgrading to 5.4.0, i did a config check and i get the results below.

Copy code

[user@server ~]$ osqueryctl config-check
W0804 09:25:28.146324  9466 options.cpp:106] The CLI only flag --config_plugin set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146414  9466 options.cpp:106] The CLI only flag --config_tls_endpoint set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146471  9466 options.cpp:106] The CLI only flag --enroll_secret_path set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146488  9466 options.cpp:106] The CLI only flag --enroll_tls_endpoint set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146525  9466 options.cpp:106] The CLI only flag --logger_plugin set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146555  9466 options.cpp:106] The CLI only flag --tls_hostname set via config file will be ignored, please use a flagfile or pass it to the process at startup
W0804 09:25:28.146572  9466 options.cpp:106] The CLI only flag --tls_server_certs set via config file will be ignored, please usea flagfile or pass it to the process at startup

In addition when i try to configure the flag file i get the message below.

Copy code

[user@server ~]$ osqueryd --verbose --flagfile /etc/osquery/osquery.flags
I0804 09:26:30.224347  9792 tls.cpp:255] TLS/HTTPS POST request to URI: https://*servername*/api/vi/osquery/enroll/
W0804 09:26:30.235630  9792 tls_enroll.cpp:101] Failed enrollment request to https://*servername*/api/vi/osquery/enroll/ (Cannot parse JSON: The document root must not be followed by other values. Offset: 4) retrying...

zwass

08/04/2022, 4:50 PM

Is that really a

/vi/

rather than

/v1/

in the path? That would definitely cause the issue if so.

Joe

08/04/2022, 4:52 PM

it is

/vi/

, should it be

/v1/

zwass

08/04/2022, 4:59 PM

Yes

Joe

08/04/2022, 5:00 PM

Ahhhh, i'll make a change and see if that works! Thanks for taking the time to look

73 Views

Open in Slack

Previous Next