https://github.com/osquery/osquery logo
Powered by
#fleet
Title
# fleet
s

spookerlabs

02/25/2021, 7:08 PM
Quick question. I'm testing new fleetdm 3.8 thats seems great. Just in case I was playing with some config options and I tried to change 
config_refresh:10
to 60 as other fields I changed but looking into new drilldown it seems like nothing changed. Is it possible to change config_refresh using fleetctl ?
get options
I didn't test this config_refresh test in previous version.
and congrats new release 😃
Logging at osquery_flags seems like there config_refresh with my new parameter.
z

zwass

02/25/2021, 7:26 PM
By default it's an hour, so it could take a little while to see the correct value there.
s

spookerlabs

02/25/2021, 7:32 PM
but other too values changed in minutes hehehe but I will that to see 😃 Thanks!
z

zwass

02/25/2021, 7:34 PM
Can you run osquery with 
--verbose --tls_dump
and see if it receives the expected value from Fleet?
s

spookerlabs

02/25/2021, 7:45 PM
seems like receiving, just applied new options
Copy code
I0225 16:44:25.828430 314369 smbios_tables.cpp:105] Reading SMBIOS from sysfs DMI node
I0225 16:44:25.828779 314369 config.cpp:890] Calling configure for logger tls
I0225 16:44:40.829082 314369 config.cpp:1205] Refreshing configuration state
I0225 16:44:40.829715 314369 tls.cpp:254] TLS/HTTPS POST request to URI: <https://localhost:8412/api/v1/osquery/config>

{
  "decorators": {
    "load": [
      "SELECT uuid AS host_uuid FROM system_info;",
      "SELECT hostname AS hostname FROM system_info;"
    ]
  },
  "options": {
    "config_refresh": 17,
    "disable_distributed": false,
    "distributed_interval": 37,
    "distributed_plugin": "tls",
    "distributed_tls_max_attempts": 3,
    "logger_plugin": "tls",
    "logger_tls_endpoint": "/api/v1/osquery/log",
    "logger_tls_period": 47,
    "pack_delimiter": "/"
  }
}
z

zwass

02/25/2021, 7:46 PM
Okay cool, let's see if it updates properly after waiting.
s

spookerlabs

02/25/2021, 7:46 PM
I will check in 10 min again
ty 1
z

zwass

02/25/2021, 7:47 PM
Both of the others updated?
s

spookerlabs

02/25/2021, 7:47 PM
Logger and Distributed almost realtime
z

zwass

02/25/2021, 7:47 PM
Okay, seems likely a bug
s

spookerlabs

02/26/2021, 12:18 AM
Not sure when it changed, but changed heheheh
but other two changed almost in real time
z

zwass

02/26/2021, 10:49 PM
That is interesting that it eventually worked. I opened up an issue to investigate further since other users had similar issues. https://github.com/fleetdm/fleet/issues/357
s

spookerlabs

02/27/2021, 12:20 AM
Cool! Great! Thanks 😃
6 Views
Powered by