Artem
05/06/2022, 10:34 AMjournalctl -u fleetdm
log without exact understanding of reason:
May 06 10:24:55 fleet-01.test.tech fleet[3448836]: {"component":"http","err":"timestamp: 2022-05-06T10:24:48Z: error in query ingestion || timestamp: 2022-05-06T10:24:52Z: error in query ingestion || create transaction: timestamp: 2022-05-06T10:24:55Z: context canceled || save host with id 369: timestamp: 2022-05-06T10:24:55Z: context canceled","ingestion-err":"ingesting query users: update host users: create transaction: timestamp: 2022-05-06T10:24:52Z: context canceled","ip_addr":"172.10.11.10","level":"error","method":"POST","took":"22.51394562s","ts":"2022-05-06T10:24:55.778064954Z","uri":"/api/v1/osquery/distributed/write","x_for_ip_addr":"172.10.11.10"}
May 06 10:25:01 fleet-01.test.tech fleet[3448836]: {"component":"http","err":"timestamp: 2022-05-06T10:24:58Z: error in query ingestion || timestamp: 2022-05-06T10:25:01Z: error in query ingestion || timestamp: 2022-05-06T10:25:01Z: error in query ingestion || timestamp: 2022-05-06T10:25:01Z: error in query ingestion || timestamp: 2022-05-06T10:25:01Z: error in query ingestion || timestamp: 2022-05-06T10:25:01Z: error in query ingestion || getting app config: selecting app config: timestamp: 2022-05-06T10:25:01Z: context canceled","ingestion-err":"ingest detail query: selecting app config: timestamp: 2022-05-06T10:25:01Z: context canceled","ip_addr":"172.10.11.11","level":"error","method":"POST","took":"19.280912956s","ts":"2022-05-06T10:25:01.630667525Z","uri":"/api/v1/osquery/distributed/write","x_for_ip_addr":"172.10.11.11"}
May 06 10:25:03 fleet-01.test.tech fleet[3448836]: {"component":"http","err":"timestamp: 2022-05-06T10:24:58Z: error in query ingestion || create transaction: timestamp: 2022-05-06T10:25:03Z: context canceled || save host with id 403: timestamp: 2022-05-06T10:25:03Z: context canceled","ingestion-err":"ingesting query software_linux: update host software: insert software: timestamp: 2022-05-06T10:24:58Z: context canceled","ip_addr":"172.10.11.12","level":"error","method":"POST","took":"20.692362396s","ts":"2022-05-06T10:25:03.53958792Z","uri":"/api/v1/osquery/distributed/write","x_for_ip_addr":"172.10.11.12"}
We don’t see any errors or high load on MySQL. At the same time we started to see software inventory and vulnerabilities data. Visually it looks like this information is updated correctly according to intervals.Michal Nicpon
05/06/2022, 3:55 PMFLEET_ENABLE_DEV_SQL_INTERCEPTOR=true
Lucas Rodriguez
05/06/2022, 4:53 PMtook
).Artem
05/08/2022, 9:54 AMjournalctl -u fleetdm -f
logsMichal Nicpon
05/09/2022, 3:17 PMLucas Rodriguez
05/09/2022, 3:19 PMstderr
by default.Artem
05/12/2022, 9:20 AMMichal Nicpon
05/12/2022, 4:38 PMlevel=debug ts=2022-05-12T16:37:31.338234946Z component=sql-interceptor duration=214.011µs query="SELECT count(*) as hosts_count, hm.version FROM host_munki_info hm JOIN hosts h ON (h.id = hm.host_id) WHERE h.team_id = ? AND hm.deleted_at IS NULL GROUP BY hm.version" args={1} err=null
Did you make sure to enable debug logging? Also, what version of fleet are you using?Lucas Rodriguez
05/12/2022, 5:41 PMArtem
05/18/2022, 8:39 PMcomponent=sql-interceptor
I use such cmdline to manually start Fleet with SQL Interceptor and get logs to stdout FLEET_ENABLE_DEV_SQL_INTERCEPTOR=true /usr/local/bin/fleet serve --config /etc/fleetdm/fleetdm.yml 2>&1
And I don’t see component=sql-interceptor
logs you mentioned before. But there are lots of component=http
and component=crons
.
I thank about mistake in my cmdline structure but saw that another option for json looging works fine
FLEET_LOGGING_JSON=true /usr/local/bin/fleet serve --config /etc/fleetdm/fleetdm.yml 2>&1
Maybe I should start FleetDM in dev mode some way?Michal Nicpon
05/18/2022, 9:34 PMFLEET_LOGGING_DEBUG=true
?FLEET_ENABLE_DEV_SQL_INTERCEPTOR=true FLEET_LOGGING_DEBUG=true /usr/local/bin/fleet serve --config /etc/fleetdm/fleetdm.yml 2>&1
Artem
05/19/2022, 8:09 AMFLEET_ENABLE_DEV_SQL_INTERCEPTOR=true FLEET_LOGGING_DEBUG=true /usr/local/bin/fleet serve --config /etc/fleetdm/fleetdm.yml 2>&1 | grep -v component=http
for 1-2 hours, but didn’t see component=sql-interceptor
data.--dev
argument to use FLEET_ENABLE_DEV_SQL_INTERCEPTOR=true?--dev
option with same mysql settings.
P.S. I checked MySQL credentials via mysql command and had success connection.Tomas Touceda
05/19/2022, 12:40 PMMichal Nicpon
05/19/2022, 3:44 PM--dev
is meant for developers, and sets mysql credentials to some hardcoded values for local developmentArtem
05/20/2022, 5:35 AMTomas Touceda
05/20/2022, 1:38 PMArtem
05/20/2022, 1:42 PMTomas Touceda
05/20/2022, 1:55 PM