Any ideas on how to troubleshoot this further?
# fleetd
defensivedepth
01/20/2021, 9:59 PMAny ideas on how to troubleshoot this further?
z
zwass
01/20/2021, 10:20 PM
See https://github.com/kolide/launcher/issues/445#issuecomment-762975944. We can't really do anything on the Fleet side since the data never touches us.
s
seph
01/21/2021, 3:53 AM
I updated https://github.com/kolide/launcher/pull/481 as an approach to handling this.
But I don’t have a way to test this.
ty 1
seph
01/21/2021, 3:53 AM
Do you have enough of a test bed, that you can test a build? (and if so, can you build that branch, or do you want me to?)
d
defensivedepth
01/21/2021, 7:52 PMFirst off, thanks @zwass @seph for looking into this more. The user on that thread (B3DTech) is using osquery with Security Onion and posted that error over on our support forum, which is why I brought it up over here. I actually havent been able to duplicate the issue on my side.
defensivedepth
01/21/2021, 7:54 PMI will carve out some more time next week to see if I can replicate it and then eventually test that branch
s
seph
01/21/2021, 7:54 PM
Cool. Thanks!
seph
01/21/2021, 7:54 PM
Feel free to update the PR if it seems reasonable to you
👍 1
d
defensivedepth
01/29/2021, 10:13 PMSo the good news here is that Launcher was still trying to send mis-formatted osquery logs (from when they had osquery < 4.5.1 installed); once we blew away the rocksdb, we can't reproduce the utf8 errors.
s
seph
01/31/2021, 12:40 AM
Okay, I’m glad that the underlying bug in osquery seems fixed. I think there’s still thing weird in launcher — if it can’t send a log, it gets stuck, But this is somewhat intentional — it’s designed not to lose information
👍 1