How might I determine if an osqueryd is failing to enroll with fleet? I know I can check logs, but I'm trying to figure out a way to monitor all my hosts to ensure they're all enrolled and communicating with fleet? I was hoping there was an osquery table / field for this but I couldn't find anything that differed between one of my enrolled osqueryd hosts and one of the ones having issues.

that's not a really helpful command, I've used this in the past

sudo osqueryd 
--verbose 
--tls_dump 
--tls_hostname <hostname> 
--config_plugin tls 
--config_tls_endpoint /api/v1/osquery/config
--logger_tls_endpoint /api/v1/osquery/log 
--logger_plugin tls,aws_firehose 
--enroll_tls_endpoint /api/v1/osquery/enroll 
--enroll_secret_path /etc/osquery/enroll_secret 
--distributed_tls_write_endpoint /api/v1/osquery/distributed/write 
--distributed_tls_read_endpoint /api/v1/osquery/distributed/read
--tls_client_cert <cert filepath>
--tls_client_key <key filepath>

I wonder how you could get the info from osquery if the host was not enrolled? Are you thinking you would perhaps SSH onto the host and run something with osquery there? We've been thinking about how to make enrollment debugging easier and would be curious to hear more about your thoughts.

I'm used to check Windows "Event Log" on Application Logs, it's really helpful

Rather than ssh to hosts, I was actually thinking of writing some kind of nagios check that would run on each host.