#fleet

spookerlabs

06/18/2021, 12:40 AM
Analyzing our fleetdm status events at Splunk, we just noticed that software inventory queries are not working fine since osqueryd running as "admin/root" needs "consider JOINing against the users table"

Sarah Gillespie

06/18/2021, 7:45 PM
@spookerlabs, thanks very much for sharing this. Would you mind filing a GitHub issue?

spookerlabs

06/18/2021, 7:54 PM
I'll double-check the latest version since I'm using Fleet 3.11.0-5-g6491a25c and not the latest one.
If I confirm, I'll open an issue.

Noah Talerman

06/23/2021, 2:21 PM
@spookerlabs the issue you’ve reported will likely not be resolved in the latest release of Fleet (3.13.0). However, the Fleet team would like to resolve this in the upcoming release. Do the software inventory queries run successfully? If so, is the issue that they create unnecessary entries, due to these osquery warnings, in Splunk?

spookerlabs

06/23/2021, 4:52 PM
Hi there! Looking into Hosts Software, for example Ubuntu Desktop, it shows online types "Packages Python", "Package (deb)" and "Package (APT)". Nothing related to browser extensions.
Another point, is there a restriction to run on only some Labels? Because I have some Linux Mint in my fleet and Software Inventory didn't return anything