zhong

01/14/2022, 3:12 PM
Hello all, I'm working with some RHEL endpoints being hosted on AWS. I'm attempting to clone one of my endpoints and add the clones to fleet, but when I do, fleet seems to confuse the original with the clones. I've changed the hostnames and made sure that they all have different IPs and serial numbers. When I add them to fleet, they do not show up as individual endpoints, but when I try to Refetch the original endpoint I see its IP change and the hostname change. So it seems like fleet thinks that they are all the same endpoint. Anyone encountered this before?

Lucas Rodriguez

01/14/2022, 4:33 PM
I believe you want to change the config in fleet to use a different identifier for hosts https://fleetdm.com/docs/deploying/configuration#osquery-host-identifier
Let me double check with the team though.

zhong

01/14/2022, 4:34 PM
thank you!

Lucas Rodriguez

01/14/2022, 5:17 PM
Yes, that's the correct docs. You could try changing the config so that fleet uses a better identifier, and then delete the hosts in fleet (they will re-enroll after being deleted)

zhong

01/14/2022, 5:43 PM
Thank you, appreciate the help!

zwass

01/14/2022, 6:02 PM
@zhong I just updated that FAQ question with a bit more detail in case it helps 🙂

zhong

01/14/2022, 6:05 PM
thanks for the clarification! One more question (sorry), is the config found locally on each endpoint that is connected to fleet?

zwass

01/14/2022, 6:31 PM
Ah, so that flag is configured on the Fleet server. You can also configure the --host_identifier in osquery on the endpoints themselves, but most folks find it easier to just modify the Fleet server config.

zhong

01/18/2022, 9:24 PM
@zwass sorry for being inactive the past few days. Just wanted to follow up some more on this and double-check. If I wanted to update the config file for all hosts connected to fleet, should I add:
osquery:
  host_identifier: uuid
on the Global agent options like so?

zwass

01/18/2022, 10:59 PM
No, you need to modify it on the Fleet server as described in https://fleetdm.com/docs/deploying/configuration

zhong

01/19/2022, 12:16 AM
So I need to run the command
fleet --osquery_host_identifier=uuid
on the fleet server?

zwass

01/19/2022, 12:21 AM
You need to start the Fleet server with that flag set, yeah. I would put it in whatever place your configuration is currently being set (config file, environment variables, or flags)

zhong

01/19/2022, 12:38 AM
I see, thank you for the help and for the patience with me 🤣