Kyle Goode
09/04/2022, 12:17 AMLucas Rodriguez
09/05/2022, 3:58 PM/api/latest/osquery/...
in your flagfile.txt
with /api/v1/osquery/...
Osquery API endpoints in Fleet are not versioned like the Fleet user API.
Let me know that works.Kyle Goode
09/07/2022, 4:55 AMLucas Rodriguez
09/07/2022, 11:00 AMflagfile.txt
?
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
W0903 19:12:55.460351 269113 tls_enroll.cpp:101] Failed enrollment request to <https://ip:8090/api/latest/osquery/enroll> (Cannot parse JSON: Invalid value. Offset: 0) retrying...
That seems to be the issue AFAICS (it expects a JSON body but nginx is returning a not found page?)Kyle Goode
09/08/2022, 3:59 AMLucas Rodriguez
09/08/2022, 2:02 PM<https://ip:8090/api/v1/osquery/enroll>
Kyle Goode
09/15/2022, 2:02 AMLucas Rodriguez
09/15/2022, 12:45 PMcurl -k -v -X POST <https://IP:8090/api/v1/osquery/enroll>
Kathy Satterlee
09/15/2022, 9:30 PM"secret":"1"
That should just be:
<your secret>
Can you run again with --verbose --tls_dump
to see if you're getting the same error now that the endpoint is correct?