Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Has anyone else encountered the message below? This comes up when i execute `osqueryi` on a host. I can query the host from Fleet just fine but i find it odd that i get this message.

```W0805 11:47:50.721536  1194 tls_enroll.cpp:101] Failed enrollment request to <https://servername> (Cannot parse JSON: Invalid value. Offset: 0) retrying...```

Hi, <@U03J3RHCA93> ! Can you share the full url shown there? You can totally edit the domain, but I'd like to see the endpoint it's trying to hit. 

And are you using Orbit to enroll your hosts, or vanilla osquery?

It just showing the domain name and we're using vanilla osquery

It sounds like there's an issue with the osquery flags. It's interesting that it's communicating with Fleet in general... it could be that the flags changed after the initial enrollment. Do you have anything set for `--enroll_tls_endpoint`?

Should be
```--enroll_tls_endpoint=/api/v1/osquery/enroll```

This is the current flags we have configured
```--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_refresh=10
--enroll_secret_path=/var/osquery/enroll_secret
--enroll_tls_endpoint=/api/v1/osquery/enroll
--logger_plugin=filesystem,tls
--logger_event_type=false
--logger_path=/var/log/osquery
--logger_stderr=false
--tls_hostname=&lt;%= @servername %&gt;
--tls_server_certs=/var/osquery/osquery.pem```

Interesting, i get this when i specify the flagfile
```[user@server ~]$ osqueryi --flagfile=/etc/osquery/osquery.flags --verbose --tls_dump

{
  "error": "enroll failed: no matching secret found",
  "node_invalid": true
}```

You beat me to the
```--verbose --tls_dump```


If you compare the `enroll_secret` in `/var/osquery/enroll_secret` to the one displayed in Fleet, does it look good?

Copy paste some funny character or white space?

I believe i may have found the issue. I ran it as root with the flagfile and enroll secret and i was able to execute `osqueryi`. Looking at the permission, the enroll_secret file had a 400 permission so i wasn't able to read it under my account