https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
p

Persistent SOC

02/25/2019, 3:59 PM
We are facing the above error while adding another host to fleet ! Kindly help !
s

srozb

02/25/2019, 4:44 PM
https://osquery.readthedocs.io/en/stable/deployment/debugging/ why don't you try 
Inspecting TLS/HTTPS body request and responses
?
p

Persistent SOC

02/26/2019, 1:40 AM
We have tried inspecting TLS/HTTPS body request and we received below response --
root@user-Veriton-M200-H81:/etc/osquery# osqueryd --flagfile=/etc/osquery/kolide.flags I0225 211129.682739 9072 init.cpp:416] osquery initialized [version=3.3.2] I0225 211129.703919 9072 system.cpp:370] Found stale process for osqueryd (8692) I0225 211129.703961 9072 system.cpp:402] Writing osqueryd pid (9072) to /var/run/osqueryd.pidfile I0225 211129.704016 9072 extensions.cpp:343] Could not autoload extensions: Failed reading: /etc/osquery/extensions.load I0225 211129.704699 9073 watcher.cpp:583] osqueryd watcher (9072) executing worker (9074) I0225 211129.711246 9074 init.cpp:413] osquery worker initialized [watcher=9072] I0225 211129.711366 9074 rocksdb.cpp:134] Opening RocksDB handle: /var/osquery/osquery.db I0225 211130.045176 9074 database.cpp:563] Checking database version for migration I0225 211130.045385 9074 tls_enroll.cpp:60] TLSEnrollPlugin requesting a node enroll key from: https://10.44.51.20:8080/api/v1/osquery/enroll I0225 211130.045399 9082 interface.cpp:265] Extension manager service starting: /var/osquery/osquery.em I0225 211130.045578 9074 smbios_tables.cpp:101] Reading SMBIOS from sysfs DMI node I0225 211130.046368 9074 smbios_tables.cpp:101] Reading SMBIOS from sysfs DMI node I0225 211130.046581 9074 tls.cpp:240] TLS/HTTPS POST request to URI: https://10.44.51.20:8080/api/v1/osquery/enroll {"enroll_secret":"ByHTFrO2YlMckbWnt2wv/fBlPEVh2nYJ","host_identifier":"user-Veriton-M200-H81","platform_type":"9","host_details":{"os_version":{"_id":"16.04","codename":"xenial","major":"16","minor":"04","name":"Ubuntu","patch":"0","platform":"ubuntu","platform_like":"debian","version":"16.04.6 LTS (Xenial Xerus)"},"osquery_info":{"build_distro":"xenial","build_platform":"ubuntu","config_hash":"","config_valid":"0","extensions":"inactive","instance_id":"7597e1bf-a6d7-4596-936a-669106647d23","pid":"9074","start_time":"1551109289","uuid":"612A6146-9646-11E4-A83F-35B550325E00","version":"3.3.2","watcher":"9072"},"platform_info":{"address":"0xf000","date":"10/27/2014","extra":"","revision":"4.6","size":"4194304","vendor":"American Megatrends Inc.","version":"036","volume_size":"0"},"system_info":{"computer_name":"user-Veriton-M200-H81","cpu_brand":"Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","cpu_logical_cores":"4","cpu_microcode":"0x25","cpu_physical_cores":"4","cpu_subtype":"60","cpu_type":"x86_64","hardware_model":"Veriton M200-H81","hardware_serial":"UXVJSSIC82F0274029","hardware_vendor":"Acer","hardware_version":"1.02","hostname":"user-Veriton-M200-H81","local_hostname":"user-Veriton-M200-H81","physical_memory":"8288813056","uuid":"612A6146-9646-11E4-A83F-35B550325E00"}}} W0225 211130.116509 9074 tls_enroll.cpp:67] Failed enrollment request to https://10.44.51.20:8080/api/v1/osquery/enroll (Request error: certificate verify failed) retrying... I0225 211131.117209 9074 smbios_tables.cpp:101] Reading SMBIOS from sysfs DMI node I0225 211131.118067 9074 smbios_tables.cpp:101] Reading SMBIOS from sysfs DMI node I0225 211131.118219 9074 tls.cpp:240] TLS/HTTPS POST request to URI: https://10.44.51.20:8080/api/v1/osquery/enroll
8 Views
Powered by