Channels
#fleet
Title
# fleet
r
Ryan
07/29/2021, 9:49 AMAfter upgrading to v4 we're seeing a lot of these logs in the Fleet journal:
Copy code
fleet[14715]: level=info ts=2021-07-29T09:48:04.444973864Z component=service method=AuthenticateHost ip_addr=10.9.0.64:49157 x_for_ip_addr= err="authentication error: missing node key" took=20.913ยตsr
Rachel Perkins
07/29/2021, 7:17 PMHmm, can you use
--verbose --tls_dumpr
Ryan
07/30/2021, 10:19 AMI'll give that a try shortly. Weirdly enough over night the problem seems to have stopped, and we're now seeing this being logged intermittently instead:
Copy code
Jul 30 10:17:58 de-kolide-fleet-01 fleet[14715]: 2021/07/30 10:17:58 http: TLS handshake error from 10.230.34.204:40996: local error: tls: bad record MAC
Jul 30 10:17:58 de-kolide-fleet-01 fleet[14715]: 2021/07/30 10:17:58 http: TLS handshake error from 10.230.34.204:40998: local error: tls: bad record MAC
Jul 30 10:17:59 de-kolide-fleet-01 fleet[14715]: 2021/07/30 10:17:59 http: TLS handshake error from 10.230.34.204:41000: local error: tls: bad record MAC
Jul 30 10:17:59 de-kolide-fleet-01 fleet[14715]: 2021/07/30 10:17:59 http: TLS handshake error from 10.230.34.204:41002: local error: tls: bad record MAC
Jul 30 10:18:03 de-kolide-fleet-01 fleet[14715]: 2021/07/30 10:18:03 http: TLS handshake error from 10.230.34.204:41008: local error: tls: bad record MAC
Jul 30 10:18:03 de-kolide-fleet-01 fleet[14715]: 2021/07/30 10:18:03 http: TLS handshake error from 10.230.34.204:41010: local error: tls: bad record MACbut all the hosts appear to be online and responding to queries, so I'm not sure about this
i'll try running verbose and tls_dump flags on that node
ok - false alarm, this is an old CentOS 6 node I decommissioned, it's not been terminated yet, so false alarm, that's cleared all the errors ๐
I'm still not sure why the
authentication error: missing node key๐
1
r
Rachel Perkins
07/30/2021, 9:14 PMGlad you got it sorted! Enjoy your weekend!
ty 1
๐ 1
51 Views