https://github.com/osquery/osquery logo
Powered by
#fleet
Title
# fleet
a

Artem

05/27/2021, 12:32 PM
Hello! Does anyone have troubles with individual interactive queries after updating Fleet to 3.12? We recently updated it from 3.10 to 3.12 and now we see some problems and delays with interactive queries. Sometimes it returns valid result, sometimes we wait about 5 minutes (distributed interval is 30 seconds) and see no results. But in both cases I see valid request “/api/v1/osquery/distributed/write” API path from osquery through --tls_dump argument. Looks really confusing =( But at the same time interactive queries against groups of hosts (labels) work good and I don’t see any delays for them. Could you help me with this please?
n

Noah Talerman

05/27/2021, 2:20 PM
First, awesome that you’ve upgraded. Are there any commonalities you’ve found for the queries that fail to return results? Large number of hosts, different osquery table, etc. Also, so the Fleet team can attempt to reproduce this issue, can you please file a GitHub issue here? https://github.com/fleetdm/fleet/issues/new?assignees=&labels=bug&template=bug-report.md&title=
a

Artem

05/27/2021, 7:30 PM
@Noah Talerman hello! Thanks for the answer! I didn’t find real problem reason, but we solved it by Fleet reinstall from scratch.
🙌 1
👋 1
n

Noah Talerman

05/27/2021, 7:32 PM
Glad you resolved the issue. Did you reinstall Fleet 3.12 or a previous version of Fleet?
a

Artem

05/28/2021, 11:34 AM
Yes, we reinstalled Fleet 3.12 and recovered some key tables from backup like users and saved packs/queries. I still didn’t found update problem reason because we used your update guide as always. But in this time it was a surprise. So my tip for everyone is to have separate backup Fleet’s MySQL DB for such restore cases.
Hello @Noah Talerman! I seem to have misled you, I apologize, my colleagues, server admins, misinformed me. Version 3.12 still does not work very stable for requests for single users. It does not always return results and no pattern was found. Therefore, colleagues installed version 3.11 from scratch, we do not observe such a problem on it.
n

Noah Talerman

06/03/2021, 3:13 PM
Thank you for the clarification. I believe a member of the Fleet community discovered the source of the issue here: https://github.com/fleetdm/fleet/issues/911#issuecomment-852087973 You’re correct that the issue was introduce in 3.12. The Fleet team is currently working on a fix for the issue. The current plan is that the fix will be included in a minor release this week.
👍 1
The Fleet 3.13.0 release includes the fix! Linking to the release notes here: https://github.com/fleetdm/fleet/releases/tag/3.13.0
a

Artem

06/03/2021, 8:57 PM
Cool! Thanks for the good news! We will test it in the nearest future!
n

Noah Talerman

06/03/2021, 9:00 PM
Great! Please continue to provide the very helpful feedback
3 Views
Powered by