https://github.com/osquery/osquery logo
#tls
Title
# tls
c

cdown512

02/25/2021, 6:04 PM
Does anyone know offhand when using osquery in tls refresh mode for the config profile, if there is a valid profile downloaded and a schedule of queries handed off to the scheduler, then comms to the tls config endpoint serving the profile are interupted for subsequent refreshes, does the Scheduler continue running the last successfully refreshed schedule of queries?
z

zwass

02/25/2021, 6:16 PM
Yes it does.
c

cdown512

02/25/2021, 6:22 PM
Thanks.
what if communication is in place, but the endpoint serving the configuration profile returns a 500?
z

zwass

02/25/2021, 10:44 PM
I would expect it to continue using the old config. If it doesn't that's a bug IMO.
c

cdown512

02/25/2021, 11:01 PM
agreed. gonna do some more digging and try to reproduce, but seeing some odd behavior. I severed comms to the tls endpoint completely but osquery is continuing to run the previously downloaded schedule just fine. so it seems like something with getting a connection but unexpected response. old version of osquery I’m using, so also possible if it is a bug, it’s been addressed. thanks @zwass
z

zwass

02/25/2021, 11:41 PM
Yeah trying it on osquery stable makes sense.
4 Views