Title
#fleet
m

Marc Roelofs

03/08/2022, 3:16 PM
I've updated from 4.7.0 to 4.10 and now 4.11 , and still not seeing the software listing and vulnerabilities on the main Fleet page after login .. it says to wait an hour . Software inventory is there on the host level. this is the config at the moment
host_settings:
enable_host_users: true
enable_software_inventory: true
and vuln is set like this
vulnerabilities:
cpe_database_url: ""
current_instance_checks: auto
cve_feed_prefix_url: ""
databases_path: /fleet-cve/
disable_data_sync: false
periodicity: 3600000000000
vulnerability_settings:
databases_path: /fleet-cve/
any idea that could help me ? ...
Kathy Satterlee

Kathy Satterlee

03/08/2022, 3:37 PM
Hi @Marc Roelofs. Couple of quick questions here... 1. How long have you been looking at that "Try again in an hour" message? 2. Have you tried restarting the server?
Benjamin Edwards

Benjamin Edwards

03/08/2022, 3:47 PM
how much memory is the fleet server running with? vuln processing requires ~4gb to process everything, its possible its crashing due to out of mem errors? does
/fleet-cve/
exist? try something like
/opt/fleet-cve
?
m

Marc Roelofs

03/08/2022, 4:33 PM
Hi @Kathy Satterlee looked at it for multiple hours, after restarting. @Benjamin Edwards /fleet-cve exists, and is writable , but, just noticed, still empty, no cve files. This is my test env, only 2 hosts in ... Setup was deployed via helm on kubernetes for test and prod identically using values files and prod does work (at version 4.7) . It went "wrong" when upgrading test from 4.7 to 4.10 a short while back..
4:34 PM
Restarting in this case means scaling down to 0 relplicaset , i.e. deleting the pod, and then scaling back up
7:57 AM
Figured out maybe my kubernetes cluster (small) was overloaded , it did not seem like it , but I killed all unneeded deployments for now. and will wait another hour after restarting .Also thinking that the software visible at host level is "historical" , going to see if that gets populated when deploying a brand new vm
10:48 AM
Added a "brand new machine" , Fleet collected all information regarding installed software and some vulnerabilities , and shows it on the hosts page , but not on the "home" page. In mysql I see the CVE's being added every day in table software_cve, but not seeing any files on disk .. I'm confused 😉
7:53 PM
@Kathy Satterlee do you see any way out for me other than recreating everything ? I could drop some tables maybe ?