https://github.com/osquery/osquery logo
Join Slack
Powered by
Hi all! We are migrating from an older version of ...
# fleet
c
Hi all! We are migrating from an older version of fleet which uses the concept of packs, queries and schedules to the latest version (
4.68.0
). We migrated the old packs, queries and schedules by calling the fleet API that was used in the older version in the new version. The new fleet seems to have a lot of changes, notably packs don’t exist in the UI anymore and schedules are part of the queries itself now and there is this “Automations” stuff which needs to be turned on to write logs to filesystem. I’m assuming these are new features and the old way of doing things is deprecated. However, the old packs, schedules etc still seems to be supported by the backend and exist in the UI. And I’m able to see logs flowing in after I added schedules using the API even though the UI shows that no query has automations on and acc to UI I should not be getting results. I assume this is due to server support for the old way of doing things? I want to ask if fleet has reimplemented some of the features like logging and schedules in new places (eg: as part of query itself) while keeping the older behaviour intact too basically causing same features to exist in both places for reverse compatibility and thats where my UI confusion is coming from General guidance on how to move from the old way doing things using packs and schedules to the one way supported by the latest version would be very appreciated, Thank you!
f
we have this same issue, ended up created a helper link directly to the hidden backend: 
yoururl/packs/manage
also +1 on a migration guide or guidance.
k
Hi @Chloë Milburn! There are two new bits of 
fleetctl
functionality to help with the transition from packs to the new combined query/schedule schema: 
fleetctl convert
Allows you to convert an osquery pack configuration into the new query format. 
fleetctl upgrade-packs
Does the same for your already uploaded packs.
c
Tysmm! That is very convenient
Error: Login failed: POST /api/latest/fleet/login: do request: Post "<https://fleetdm.smuz.me:8080/api/latest/fleet/login>": tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead
Is there a way to have fleetctl skip tls verification?
k
You'll need TLS for the agent to communicate properly and securely. If you've got a load balancer or proxy sitting in between Fleet and the agent that does terminate TLS, you can use this configuration setting: https://fleetdm.com/docs/configuration/fleet-server-configuration#server-tls
6 Views
Open in Slack
PreviousNext
Powered by