Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
z
zhong
01/14/2022, 3:12 PMHello all, I'm working with some RHEL endpoints being hosted on AWS. I'm attempting to clone one of my endpoints and add the clones to fleet but when I do, fleet seems to confuse the original with the clones. I've changed the hostnames and made sure that they all have different IPs and serial number. When i add them to fleet, they do not show up as individual endpoints but when I try to Refetch the original endpoint i see its IP change and the hostname change. So it seems like fleet thinks that they are all the same endpoint. Anyone encountered this before?
l
Lucas Rodriguez
01/14/2022, 4:33 PMI believe you want to change the config in fleet to use a different identifier for hosts https://fleetdm.com/docs/deploying/configuration#osquery-host-identifier
Let me double check with the team though.
z
zhong
01/14/2022, 4:34 PMthank you!
l
Lucas Rodriguez
01/14/2022, 5:17 PMYes, that's the correct docs. You could try changing the config so that fleet uses a better identifier, and then delete the hosts in fleet (they will re-enroll after being deleted)
z
zwass
01/14/2022, 5:41 PMz
zhong
01/14/2022, 5:43 PMThank you, appreciate the help!
z
zwass
01/14/2022, 6:02 PM@zhong I just updated that FAQ question with a bit more detail in case it helps 🙂
z
zhong
01/14/2022, 6:05 PMthanks for the clarification! One more question (sorry), is the config found locally on each endpoint that is connected to fleet?
z
zwass
01/14/2022, 6:31 PMAh, so that flag is configured on the Fleet server. You can also configure the
--host_identifierz
zhong
01/18/2022, 9:24 PM@zwass sorry for being inactive the past few days. Just wanted to follow up some more on this and double-check. If i wanted to update the config file for all hosts connected to fleet, should i add:
osquery:host_identifier: uuidz
zwass
01/18/2022, 10:59 PMNo, you need to modify it on the Fleet server as described in https://fleetdm.com/docs/deploying/configuration
z
zhong
01/19/2022, 12:16 AMSo i need to run the command
fleet --osquery_host_identifier=uuidz
zwass
01/19/2022, 12:21 AMYou need to start the Fleet server with that flag set, yeah. I would put it in whatever place you configuration is currently being set (config file, environment variables, or flags)
z
zhong
01/19/2022, 12:38 AMi see, thank you for the help and for the patience with me 🤣
🍻 1