Title
#fleet
defensivedepth

defensivedepth

01/20/2021, 9:59 PM
Any ideas on how to troubleshoot this further?
zwass

zwass

01/20/2021, 10:20 PM
See https://github.com/kolide/launcher/issues/445#issuecomment-762975944. We can't really do anything on the Fleet side since the data never touches us.
s

seph

01/21/2021, 3:53 AM
I updated https://github.com/kolide/launcher/pull/481 as an approach to handling this. But I don’t have a way to test this.
3:53 AM
Do you have enough of a test bed, that you can test a build? (and if so, can you build that branch, or do you want me to?)
defensivedepth

defensivedepth

01/21/2021, 7:52 PM
First off, thanks @zwass @seph for looking into this more. The user on that thread (B3DTech) is using osquery with Security Onion and posted that error over on our support forum, which is why I brought it up over here. I actually havent been able to duplicate the issue on my side.
7:54 PM
I will carve out some more time next week to see if I can replicate it and then eventually test that branch
s

seph

01/21/2021, 7:54 PM
Cool. Thanks!
7:54 PM
Feel free to update the PR if it seems reasonable to you
defensivedepth

defensivedepth

01/29/2021, 10:13 PM
So the good news here is that Launcher was still trying to send mis-formatted osquery logs (from when they had osquery < 4.5.1 installed); once we blew away the rocksdb, we can't reproduce the utf8 errors.
s

seph

01/31/2021, 12:40 AM
Okay, I’m glad that the underlying bug in osquery seems fixed. I think there’s still thing weird in launcher — if it can’t send a log, it gets stuck, But this is somewhat intentional — it’s designed not to lose information