Hi, it's me again from <https://osquery.slack.com/...
# fleett
Terra
10/17/2022, 4:02 PMHi, it's me again from https://osquery.slack.com/archives/C01DXJL16D8/p1665682341784749
We rollbacked our db to ensure the db was not causing the issue - it was not. I upgrade our PR fleet server to 4.21.0. No errors when running
systemctl status fleet.serviceTerra
10/17/2022, 4:11 PMSo I suppose my question is, is there any way to curb Fleet from using up all the memory? Is there any way I can set a max usage allowance? Right now it's set to 8GB. Our NP server is using less than 2% of that whereas our PR is using almost 90% and nothing is running
k
Kathy Satterlee
10/18/2022, 3:05 PMThere isn't a way to cap that usage on the Fleet side, but we can definitely keep looking in to what might be causing the freeze up some more! Are you still seeing
context cancelledt
Terra
10/18/2022, 5:46 PMHi again, yes but I think the "context cancelled" errors are unrelated. The NP server has those same errors too, but NP is functional.
Here's our theory - The query that guy ran that broke the PR is still trying to run every time the Fleet service starts up.
I don't know much about redis, but when I run "monitor", the terminal blows up as soon as I start the fleet service. I ran "flushdb" and "flushall" but restarting the fleet service still causes it to blow up. Not sure if there's a way to view the current queue or restart redis?
Terra
10/18/2022, 5:56 PMStarting fleet causes this to happen in redis (I have no idea what I'm looking at):
Terra
10/18/2022, 5:56 PMBut in NP, starting fleet while running monitor just does this:
z
zwass
10/18/2022, 7:13 PM
Can you shut down the Fleet servers, run the Redis
flushdbmonitort
Terra
10/18/2022, 8:39 PMDone - this is what it looks like but then a few seconds afterwards, it spams that gibberish you saw in the first screenshot
2 Views