Hi everyone, i'm currently investigating a reason ...
# fleetj
Joe
10/13/2022, 2:08 PMHi everyone, i'm currently investigating a reason for an excessive memory utilization coming from Fleet and i was wondering where i can find the logs. It doesn't seem to be in /var/log
k
Kathy Satterlee
10/13/2022, 2:30 PMHi @Joe ! By default, Fleet logs to the console with
stdoutstderrj
Joe
10/13/2022, 2:38 PMAh perfect, thank you!
k
Kathy Satterlee
10/13/2022, 3:10 PMAny time! Let me know if anything pops up that looks interesting/odd.
j
Joe
10/13/2022, 3:15 PMWhenever we start the service, memory utilization spikes and then the service fails to start
Joe
10/13/2022, 3:16 PMDo you by chance have any clue what might be causing it?
k
Kathy Satterlee
10/13/2022, 3:30 PMHave there been any recent changes on your end (Fleet upgrade, etc)
What version of Fleet are you using?
How much memory is allocated?
j
Joe
10/13/2022, 3:32 PMNo changes have been made so far. We're running v4.17.1 and 8GB is allocated for the fleet server
k
Kathy Satterlee
10/13/2022, 3:46 PMI'd definitely recommend updating Fleet to the latest version, there are some performance enhancements along the way 🙂
That being said, “context canceled” errors usually mean that the connection to the database is taking too long and timing out. Can you run the following on your database?
Copy code
show engine innodb status;
show processlist;j
Joe
10/13/2022, 5:46 PMI tried running this under root but i still keep getting an access denied
Copy code
MariaDB [kolide]> show engine innodb status;
ERROR 1227 (42000): Access denied; you need (at least one of) the PROCESS privilege(s) for this operation Copy code
MariaDB [kolide]> SHOW processlist;
+----+--------+-----------+--------+---------+------+-------+------------------+----------+
| Id | User | Host | db | Command | Time | State | Info | Progress |
+----+--------+-----------+--------+---------+------+-------+------------------+----------+
| 13 | kolide | localhost | kolide | Query | 0 | init | SHOW processlist | 0.000 |
+----+--------+-----------+--------+---------+------+-------+------------------+----------+
1 row in set (0.00 sec)k
Kathy Satterlee
10/13/2022, 7:00 PMOne thing that stands out there is that you're using MariaDB. Just as a note, that isn't supported and we'd really recommend using MySQL.
Just wanted to make sure... are you working with @Terra over on this thread?:
https://osquery.slack.com/archives/C01DXJL16D8/p1665682341784749
The details here are similar enough that I want to make sure these were two separate Fleet setups.
j
Joe
10/13/2022, 7:21 PMYes i am
k
Kathy Satterlee
10/13/2022, 8:44 PMGood deal. we'll keep the conversation going over in that thread just so I don't keep telling y'all to do the same thing 🙂