Can anyone help me with how can I connect Fleetdm to plain osquery

@Piyush Anand perhaps this can help? https://fleetdm.com/docs/using-fleet/adding-hosts#plain-osquery

@koo Actually I read this article earlier also and not able do the required conf. Can you help me with the same ?

Have you been able to set an e*nrolment secret?*

I am on the initial stage

@Piyush Anand where you able to figure this out?

Yes i was able to set an enrolment secret

Hi @Piyush Anand I think you might need to look at the osquery TLS API plugins for a more apt explanation on how to do this. You can find the documentation here. https://osquery.readthedocs.io/en/stable/deployment/remote/ However from a single glance at the Fleet docs, I think you might need to start

osqueryd

with some of the following flags

sudo osqueryd \
 --enroll_secret_path=/etc/osquery/enroll_secret \
 --tls_server_certs=/etc/osquery/fleet.crt \
 --tls_hostname=<http://fleet.example.com|fleet.example.com> \
 --host_identifier=uuid \
 --enroll_tls_endpoint=/api/osquery/enroll \
 --config_plugin=tls \
 --config_tls_endpoint=/api/osquery/config \
 --config_refresh=10 \
 --disable_distributed=false \
 --distributed_plugin=tls \
 --distributed_interval=10 \
 --distributed_tls_max_attempts=3 \
 --distributed_tls_read_endpoint=/api/osquery/distributed/read \
 --distributed_tls_write_endpoint=/api/osquery/distributed/write \
 --logger_plugin=tls \
 --logger_tls_endpoint=/api/osquery/log \
 --logger_tls_period=10

Hii,

Sorry about that. Is this resolved for you at this time

No. The issue is not resolved yet

What version of fleet are you running? Head to the "My account" page in the Fleet UI or run

fleetctl --version

. What did you do when you received the 500 page? Did you try downloading the enroll secret, fleet certificate, or flagfile? Also, do you have access to the logs from fleet?

I have access to the logs but i am not able to download the fleet certificate

When you try to download the fleet certificate, do the logs show any errors? This would help me track down the issue

Hello Michal,

It depends on how you are running fleet. By default fleet will log to stderr. Are you using

fleetctl preview

?

Yes fleetctl preview

There may be a better way, but you can view the logs using docker

docker logs fleet-preview-server-fleet02-1

Let me check and find out the respective logs and send you

Actually, according to https://github.com/fleetdm/fleet/issues/4304#issuecomment-1047028029, this is expected behaviour. fleetctl preview does not use https/tls, and therefore does not have a certificate

But when i open the gui on the browser i use https

can you please confirm what version you are running, using

fleetctl --version

?

Version is 4.12.0

Can you try going to https://localhost:8412 and download the certificate? preview starts up a 2nd fleet server with tls enabled that is used primarily by osqueryd

Wait let me check

fleetctl preview is currently meant for trying out fleet. But yes, you should be able to replace localhost with the ip address of the server running fleetctl preview