Does anyone know how long fleet by default waits for a clien osquery #general

Does anyone know how long fleet (by default) waits...

Dan Achin

09/22/2020, 6:50 PM

Does anyone know how long fleet (by default) waits for a client check-in before it marks that client offline? Also, which client setting controls the 'check-in'? I'm guessing there may be various client actions that could signal to fleet that a client is online, including a config_refresh, or checking with the distributed query server to check if there are queries to execute (i.e. distributed_interval) and others. Any guidance?

Zach Zeid

09/22/2020, 6:54 PM

https://github.com/kolide/fleet/blob/7494513400b1d15d3e770358350d227ffbe2e4ce/server/kolide/hosts.go#L33

Dan Achin

09/22/2020, 6:54 PM

thanks

Dan Achin

09/22/2020, 6:55 PM

wouldn't a config refresh or a check for new queries generally flag a client as online?

Zach Zeid

09/22/2020, 6:56 PM

I think that might be

--config-refresh

on the client side.

Zach Zeid

09/22/2020, 6:57 PM

There is also #C1XCLA5DZ for these questions that might go further.

Dan Achin

09/22/2020, 6:58 PM

ack, thanks again.

zwass

09/22/2020, 10:47 PM

The linked code is the duration for MIA (hosts that have not been seen for 30 days). The online status is calculated for each host based on the observed intervals set for

config_refresh

logger_tls_period

, and

distributed_interval

. IIRC we give some grace period over the "expected" interval.

👍 1

2 Views

Open in Slack

Previous Next