Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
c
cdown512
02/25/2021, 6:04 PMDoes anyone know offhand when using osquery in tls refresh mode for the config profile, if there is a valid profile downloaded and a schedule of queries handed off to the scheduler, then comms to the tls config endpoint serving the profile are interupted for subsequent refreshes, does the Scheduler continue running the last successfully refreshed schedule of queries?
z
zwass
02/25/2021, 6:16 PMYes it does.
c
cdown512
02/25/2021, 6:22 PMThanks.
what if communication is in place, but the endpoint serving the configuration profile returns a 500?
z
zwass
02/25/2021, 10:44 PMI would expect it to continue using the old config. If it doesn't that's a bug IMO.
c
cdown512
02/25/2021, 11:01 PMagreed. gonna do some more digging and try to reproduce, but seeing some odd behavior. I severed comms to the tls endpoint completely but osquery is continuing to run the previously downloaded schedule just fine. so it seems like something with getting a connection but unexpected response. old version of osquery I’m using, so also possible if it is a bug, it’s been addressed. thanks @zwass
z
zwass
02/25/2021, 11:41 PMYeah trying it on osquery stable makes sense.