Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
Artem
05/27/2021, 12:32 PMHello!
Does anyone have troubles with individual interactive queries after updating Fleet to 3.12?
We recently updated it from 3.10 to 3.12 and now we see some problems and delays with interactive queries. Sometimes it returns valid result, sometimes we wait about 5 minutes (distributed interval is 30 seconds) and see no results. But in both cases I see valid request “/api/v1/osquery/distributed/write” API path from osquery through --tls_dump argument.
Looks really confusing =(
But at the same time interactive queries against groups of hosts (labels) work good and I don’t see any delays for them.
Could you help me with this please?
n
Noah Talerman
05/27/2021, 2:20 PMFirst, awesome that you’ve upgraded.
Are there any commonalities you’ve found for the queries that fail to return results? Large number of hosts, different osquery table, etc.
Also, so the Fleet team can attempt to reproduce this issue, can you please file a GitHub issue here? https://github.com/fleetdm/fleet/issues/new?assignees=&labels=bug&template=bug-report.md&title=
a
Artem
05/27/2021, 7:30 PM@Noah Talerman hello! Thanks for the answer! I didn’t find real problem reason, but we solved it by Fleet reinstall from scratch.
🙌 1
👋 1
n
Noah Talerman
05/27/2021, 7:32 PMGlad you resolved the issue. Did you reinstall Fleet 3.12 or a previous version of Fleet?
a
Artem
05/28/2021, 11:34 AMYes, we reinstalled Fleet 3.12 and recovered some key tables from backup like users and saved packs/queries.
I still didn’t found update problem reason because we used your update guide as always. But in this time it was a surprise.
So my tip for everyone is to have separate backup Fleet’s MySQL DB for such restore cases.
Hello @Noah Talerman! I seem to have misled you, I apologize, my colleagues, server admins, misinformed me. Version 3.12 still does not work very stable for requests for single users. It does not always return results and no pattern was found. Therefore, colleagues installed version 3.11 from scratch, we do not observe such a problem on it.
n
Noah Talerman
06/03/2021, 3:13 PMThank you for the clarification. I believe a member of the Fleet community discovered the source of the issue here: https://github.com/fleetdm/fleet/issues/911#issuecomment-852087973
You’re correct that the issue was introduce in 3.12. The Fleet team is currently working on a fix for the issue. The current plan is that the fix will be included in a minor release this week.
👍 1
The Fleet 3.13.0 release includes the fix! Linking to the release notes here: https://github.com/fleetdm/fleet/releases/tag/3.13.0
a
Artem
06/03/2021, 8:57 PMCool! Thanks for the good news! We will test it in the nearest future!
n
Noah Talerman
06/03/2021, 9:00 PMGreat! Please continue to provide the very helpful feedback