https://github.com/osquery/osquery logo
Join Slack
Powered by
```Hello, how are you, I hope you are well! I depl...
# fleet
b
Copy code
Hello, how are you, I hope you are well!
I deployed a fleet of which I deployed osquery agents. Getting to a certain number of agents, often when a new host is deployed, it downgrades another one from the list. I get the following errors on the output to the osquery server:
1/osquery/distributed/read","ts":"2022-09-05T152012.164277378Z"} Sep 5 152015 osquery fleet[69161]: {"component":"http","err":"authentication error: invalid node key: /uLuK4hiUVdU3hZVXS5dcivDzQFpwfAX","level":"info","path":"/api/v1/osquery/config","ts":"2022-09-05T152015.9287988Z"}
k
Hi @Boubacary Diallo! That's certainly odd behavior. A few questions: 1. How many hosts do you have enrolled? 2. How are you deploying osquery? 3. What are you using as the host identifier? Could those be duplicated across hosts? 4. Once you reach a specific number of hosts, do all new hosts replace existing ones or only some? If only specific hosts, do those share anything in common that stands out? 5. Are there any errors in the Fleet server logs that coincide with the osquery errors?
b
Copy code
Hi thank you very much, I found the solution. By the way, we had to clone certain machines on hyper-V so they had the same uid, so fleet compares then downgrades one, saying it's the same machine. I solved this in the YAML configuratipo file, I chained host_identifier: hostname, instead of uid.
Thank you very much for your availability.
k
That's great! I thought it was likely to be something along these lines.
b
oui ca été ainsi. Merci infiniment
12 Views
Open in Slack
PreviousNext
Powered by