Hi everyone, osquery service is not connecting wit...
# fleet
z
Hi everyone, the osquery service is not connecting with the Fleet server. I have tried the commands below to connect the osquery service to the Fleet server but am unable to connect.

```
sc.exe create osqueryd type= own start= auto binpath= "\"C:\Program Files\osquery\osqueryd\osqueryd.exe\" --flagfile=\"C:\Program Files\osquery\osquery.flags\"" displayname= osqueryd
.\manage-osqueryd.ps1 -install -startupArgs "C:\Program Files\osquery\osquery.flags"
:"C:\Program Files\osquery\osqueryd\osqueryd.exe" --flagfile="C:\Program Files\osquery\osquery.flags" --install
```

Here is my flagfile (osquery.flags):

```
# Server
--tls_hostname=MyIP:8080
--tls_server_certs="C:\Program Files\osquery\certs\fleet.pem"
# Enrollment
--host_identifier=instance
--enroll_secret_path="C:\Program Files\osquery\certs\enroll_secret"
--enroll_tls_endpoint="C:\Program Files\osquery\"
# Configuration
--config_plugin=tls
#--config_tls_endpoint=/api/v1/osquery/config
--config_tls_endpoint="C:\Program Files\osquery\osquery.conf"
--config_refresh=10
# Live query
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint="C:\Program Files\osquery\certs\"
--distributed_tls_write_endpoint="C:\Program Files\osquery"
# Logging
--logger_plugin=tls
--logger_tls_endpoint="C:\Program Files\osquery\log"
# File carving
--disable_carver=false
#--carver_start_endpoint=/api/v1/osquery/carve/begin
#--carver_continue_endpoint=/api/v1/osquery/carve/block
--carver_block_size=2000000
```

Please identify the issue.
k
Hi, @Zohaib Nasir! Make sure your tls endpoints are pointing to the appropriate endpoint on the Fleet server. Here's the example from the Docs that you can reference:
```
--enroll_secret_path=/etc/osquery/enroll_secret \
 --tls_server_certs=/etc/osquery/fleet.crt \
 --tls_hostname=fleet.example.com \
 --host_identifier=uuid \
 --enroll_tls_endpoint=/api/v1/osquery/enroll \
 --config_plugin=tls \
 --config_tls_endpoint=/api/v1/osquery/config \
 --config_refresh=10 \
 --disable_distributed=false \
 --distributed_plugin=tls \
 --distributed_interval=10 \
 --distributed_tls_max_attempts=3 \
 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read \
 --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write \
 --logger_plugin=tls \
 --logger_tls_endpoint=/api/v1/osquery/log \
 --logger_tls_period=10
```