Can anyone help me with how can I connect Fleetdm ...
# general
p
Can anyone help me with how I can connect Fleetdm to plain osquery?
k
p
@koo Actually I read this article earlier also and was not able to do the required conf. Can you help me with the same?
k
Have you been able to set an enrolment secret?
p
I am on the initial stage
I want to connect a windows machine via plain osquery
Heyy u there ?
k
@Piyush Anand were you able to figure this out?
p
Yes I was able to set an enrolment secret
but after that how can I use osqueryd to communicate with fleet server
k
Hi @Piyush Anand I think you might need to look at the osquery TLS API plugins for a more apt explanation on how to do this. You can find the documentation here. https://osquery.readthedocs.io/en/stable/deployment/remote/ However from a single glance at the Fleet docs, I think you might need to start `osqueryd` with some of the following flags

```
sudo osqueryd \
 --enroll_secret_path=/etc/osquery/enroll_secret \
 --tls_server_certs=/etc/osquery/fleet.crt \
 --tls_hostname=fleet.example.com \
 --host_identifier=uuid \
 --enroll_tls_endpoint=/api/osquery/enroll \
 --config_plugin=tls \
 --config_tls_endpoint=/api/osquery/config \
 --config_refresh=10 \
 --disable_distributed=false \
 --distributed_plugin=tls \
 --distributed_interval=10 \
 --distributed_tls_max_attempts=3 \
 --distributed_tls_read_endpoint=/api/osquery/distributed/read \
 --distributed_tls_write_endpoint=/api/osquery/distributed/write \
 --logger_plugin=tls \
 --logger_tls_endpoint=/api/osquery/log \
 --logger_tls_period=10
```
p
Hii,
I started the osqueryd with the above options you have sent and did the necessary changes but still facing issue
facing this issue on the fleetdm ui
When i click on add host--> advanced --> Plain osquery
k
Sorry about that. Is this resolved for you at this time?
p
No. The issue is not resolved yet
m
What version of fleet are you running? Head to the "My account" page in the Fleet UI or run `fleetctl --version`. What did you do when you received the 500 page? Did you try downloading the enroll secret, fleet certificate, or flagfile? Also, do you have access to the logs from fleet?
p
I have access to the logs but i am not able to download the fleet certificate
m
When you try to download the fleet certificate, do the logs show any errors? This would help me track down the issue
p
Hello Michal,
Where i can find these logs ?
Actually i am new to fleet
m
It depends on how you are running fleet. By default fleet will log to stderr. Are you using `fleetctl preview`?
p
Yes fleetctl preview
m
There may be a better way, but you can view the logs using docker

```
docker logs fleet-preview-server-fleet02-1
```
p
Let me check and find out the respective logs and send you
I appreciate your help
m
Actually, according to https://github.com/fleetdm/fleet/issues/4304#issuecomment-1047028029, this is expected behaviour. fleetctl preview does not use https/tls, and therefore does not have a certificate
p
But when i open the gui on the browser i use https
And without the fleet certificate how can i connect a host machine using plain osquery
m
Can you please confirm what version you are running, using `fleetctl --version`?
Actually, let me follow up with the team. I am not sure if this is really supported in fleetctl preview
p
Version is 4.12.0
Go version : go1.17.8
m
Can you try going to https://localhost:8412 and download the certificate? preview starts up a 2nd fleet server with tls enabled that is used primarily by osqueryd
p
Wait let me check
In place of localhost, the IP of my server on which I have deployed fleet, right?
m
fleetctl preview is currently meant for trying out fleet. But yes, you should be able to replace localhost with the ip address of the server running fleetctl preview