Does anyone know offhand when using osquery in tls refresh mode for the config profile, if there is a valid profile downloaded and a schedule of queries handed off to the scheduler, then comms to the tls config endpoint serving the profile are interrupted for subsequent refreshes, does the Scheduler continue running the last successfully refreshed schedule of queries?
02/25/2021, 6:16 PM
Yes it does.
02/25/2021, 6:22 PM
what if communication is in place, but the endpoint serving the configuration profile returns a 500?
02/25/2021, 10:44 PM
I would expect it to continue using the old config. If it doesn't that's a bug IMO.
02/25/2021, 11:01 PM
agreed. gonna do some more digging and try to reproduce, but seeing some odd behavior. I severed comms to the tls endpoint completely but osquery is continuing to run the previously downloaded schedule just fine. so it seems like something with getting a connection but unexpected response. old version of osquery I’m using, so also possible if it is a bug, it’s been addressed. thanks @zwass