Hi all, I don’t understand how host uuid is managed and computed. Here my usecase: I’ve fleet (3.11) up and my pc is connected to the fleet server. My pc has 2 partitions and I use kolide launcher in 2 different OS with the same version of osquery (4.9.0). I also have another instance of osquery installed from osquery.io . • the host_uuid is the same (case insensitive) but it is lowercase in linux os and uppercase windows os, is it a coincidence or there is some rule in osquery? • if I run this query: select uuid from osquery_info; from osqueryi and from fleet the uuid is different, how the host_uuid is computed? does it have a dependency with launcher/osquery ?

uuid is generated differently depending on the platform. both on linux and windows, it tries to get the product uuid, in linux it reads

/sys/class/dmi/id/product_uuid

, and on windows it does

Select UUID from Win32_ComputerSystemProduct

so depending on how the drivers are implemented, one might return all lower case, but both being basically the same. If getting the uuid from the hardware fails, it generates a new random uuid and stores it for later retrieval so the subsquent requests will be the same I suppose if you run osqueryi without enough permissions to read

/sys/class/dmi/id/product_uuid

, it'll generate a random one