Boubacary Diallo
09/06/2022, 4:02 PMHello, how are you, I hope you are well!
I deployed a fleet of which I deployed osquery agents. Getting to a certain number of agents, often when a new host is deployed, it downgrades another one from the list. I get the following errors on the output to the osquery server:
1/osquery/distributed/read","ts":"2022-09-05T15:20:12.164277378Z"}
Sep 5 15:20:15 osquery fleet[69161]: {"component":"http","err":"authentication error: invalid node key: /uLuK4hiUVdU3hZVXS5dcivDzQFpwfAX","level":"info","path":"/api/v1/osquery/config","ts":"2022-09-05T15:20:15.9287988Z"}Kathy Satterlee
09/06/2022, 4:29 PMBoubacary Diallo
09/06/2022, 5:09 PMHi thank you very much, I found the solution. By the way, we had to clone certain machines on hyper-V so they had the same uid, so fleet compares then downgrades one, saying it's the same machine. I solved this in the YAML configuratipo file, I chained host_identifier: hostname, instead of uid.
Thank you very much for your availability.
Kathy Satterlee
09/06/2022, 5:18 PMBoubacary Diallo
09/06/2022, 9:00 PM