Hi folks looking for some help with connectivity to fleet I

Question

Hi folks looking for some help with connectivity to fleet I currently have a few RHEL hosts that are up on fleet Some are connected and show that they re online but others will periodically show as offline I ve tried deleting them from fleet and reinstalling my fleet osquery package to see if it fixes the issue and it seems like it does but it is not permanent as those same hosts will show offline a few hours later I ve connected these hosts to a domain controller so I edited ` etc resolv conf` with the domain nameserver IP and edited ` etc NetworkManager NetworkManager conf` so that the changes are on ` resolv conf` stay the same even after reboot I ve also disabled `SELINUX` because it was not letting the hosts connect Currently am stumped on what could be blocking the connection or why the hosts go offline Any help on what could be the issue

zwass · Answer

Are you able to SSH onto one of the effected hosts when it goes offline Can you `curl` the Fleet server at that time

zhong · Answer

i can still SSH into them and when i `curl` the Fleet server it returns HTML

zwass · Answer

Anything in ` var log osquery`

Lucas Rodriguez · Answer

Also try checking syslog messages in the host ` var log messages` IIRC

zhong · Answer

` var log osquery` is empty and i do not see `messages` in ` var log`

zwass · Answer

`systemctl status orbit service`

zhong · Answer

shows that it is active and running

zwass · Answer

Can you edit ` usr lib systemd system orbit service` to add ` debug` to the `orbit` command and then reload+restart the service

zhong · Answer

sorry still a bit new to fleet osquery where in `orbit service`would i add ` debug`

zwass · Answer

Can you show the contents of that file

zwass · Answer

I don t have a Linux box up at the moment to reference easily

zhong · Answer

here are the contents i appreciate all the help so far smile

zwass · Answer

Add ` debug` at the end of the `ExecStart` line please

zwass · Answer

Then `sudo systemctl daemon reload amp amp sudo systemctl restart orbit service`

zhong · Answer

doing that brought the host back online

zhong · Answer

mind if i ask what adding ` debug` did for orbit

zwass · Answer

Can you check that logs are more verbose in `systemctl status orbit service`

zwass · Answer

It just turned on more verbose logging It was probably restarting the orbit osquery process that brought it back online

zwass · Answer

If we have more verbose logs now hopefully we can determine what the issue is when it goes offline again

zwass · Answer

I suspect `systemctl restart orbit service` without any other changes would have temporarily fixed it because that would have restarted the processes

zhong · Answer

ah i see will those logs be in ` var log orbit`

zwass · Answer

Yes I think so

zhong · Answer

awesome I will be keeping an eye on the host and see when it goes offline again and update here Thank you for the help

zwass · Answer

Thank you

zhong · Answer

None of the hosts that had the logging turned on have gone offline since yesterday man facepalming Still waiting on them Anything else I could check that could be the issue in the meantime

zwass · Answer

I am not sure what else we could check with them currently working as expected Let us know if they go bad again

zhong · Answer

will do