Joe
08/05/2022, 6:52 PM
osqueryi on a host. I can query the host from Fleet just fine but I find it odd that I get this message.
W0805 11:47:50.721536 1194 tls_enroll.cpp:101] Failed enrollment request to <https://servername> (Cannot parse JSON: Invalid value. Offset: 0) retrying...
Kathy Satterlee
08/05/2022, 7:10 PM
Kathy Satterlee
08/05/2022, 7:10 PM
Kathy Satterlee
08/05/2022, 7:11 PM
Joe
08/05/2022, 7:14 PM
Kathy Satterlee
08/05/2022, 7:24 PM
--enroll_tls_endpoint?
Kathy Satterlee
08/05/2022, 7:27 PM
--enroll_tls_endpoint=/api/v1/osquery/enroll
Joe
08/05/2022, 7:35 PM
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_refresh=10
--enroll_secret_path=/var/osquery/enroll_secret
--enroll_tls_endpoint=/api/v1/osquery/enroll
--logger_plugin=filesystem,tls
--logger_event_type=false
--logger_path=/var/log/osquery
--logger_stderr=false
--tls_hostname=<%= @servername %>
--tls_server_certs=/var/osquery/osquery.pem
Joe
08/05/2022, 7:46 PM
[user@server ~]$ osqueryi --flagfile=/etc/osquery/osquery.flags --verbose --tls_dump
{
"error": "enroll failed: no matching secret found",
"node_invalid": true
}
Kathy Satterlee
08/05/2022, 7:48 PM
--verbose --tls_dump
Kathy Satterlee
08/05/2022, 7:50 PM
enroll_secret in /var/osquery/enroll_secret to the one displayed in Fleet, does it look good?
Joe
08/05/2022, 7:52 PM
Benjamin Edwards
08/05/2022, 7:58 PM
Joe
08/05/2022, 8:03 PM
Joe
08/05/2022, 8:30 PM
osqueryi. Looking at the permission, the enroll_secret file had a 400 permission so I wasn't able to read it under my account.
Kathy Satterlee
08/05/2022, 8:30 PM