https://github.com/osquery/osquery logo
Join Slack
Powered by
Hi Guys, I have another issue when I add new windo...
# general
p
Hi Guys, I have another issue when I add new windows host on Fleet. When I run the below command on Windows 10 host then this machine is enrolled .
Copy code
C:\Program Files\osquery\osqueryd>osqueryd.exe --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_tls_max_attempts=10 --config_tls_refresh=10 --enroll_tls_endpoint=/api/v1/osquery/enroll --enroll_always=true --watchdog_memory_limit=350 --enroll_secret_path="C:\Program Files\osquery\secret" --tls_hostname=<http://fleet-demo.com:8080|fleet-demo.com:8080> --tls_server_certs "C:\Program Files\osquery\certs\<http://fleet-demo.com|fleet-demo.com>_8080.pem" --disable_distributed=false --distributed_plugin=tls --distributed_interval=10 --distributed_tls_max_attempts=3 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/v1/osquery/log --logger_tls_period=10 --host_identifier=hexcode
But when I copy these to the osquery.flags file to run the osquery as a service, it returns the error "Windows could not start the osqueryd service on Local Computer" after I start the osqueryd service. Below is my osquery.flags configuration. Could someone help me on this? thanks so much
Copy code
--config_plugin=tls 
--config_tls_endpoint=/api/v1/osquery/config 
--config_tls_max_attempts=10 
--config_tls_refresh=10 
--enroll_tls_endpoint=/api/v1/osquery/enroll 
--enroll_always=true 
--watchdog_memory_limit=350 
--enroll_secret_path="C:\Program Files\osquery\secret" 
--tls_hostname=<http://fleet-demo.com:8080|fleet-demo.com:8080> 
--tls_server_certs "C:\Program Files\osquery\certs\<http://fleet-demo.com|fleet-demo.com>_8080.pem" 
--disable_distributed=false 
--distributed_plugin=tls 
--distributed_interval=10 
--distributed_tls_max_attempts=3 
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read 
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write 
--logger_plugin=tls 
--logger_tls_endpoint=/api/v1/osquery/log 
--logger_tls_period=10 
--host_identifier=hexcode
d
Not saying same - but im a newbie at this and i HAD a wierd issue with my FLAG file involving quotes. EVEN THOUGH program files has a space - the ONLY flag file option i could quote 'encapsulate' was DB path. All other i had no quotes that includes: --enroll_secret_path, --tls_server_certs, and --logger_path
5 Views
Open in Slack
PreviousNext
Powered by