Hi Osquery software page doesn t load but am able to view th osquery #fleet

Hi, Osquery software page doesn't load but am able...

Karthick

07/19/2022, 3:45 AM

Hi, Osquery software page doesn't load but am able to view the software and Vulnerable software from the host. Osquery is hosted in Kubernetes and version 4.11.0

Kathy Satterlee

07/19/2022, 2:11 PM

Hi, @Karthick! Are you seeing anything in the console or network requests?

Karthick

07/19/2022, 4:51 PM

console error

Karthick

07/19/2022, 4:52 PM

i tried /api/v1/fleet/software from postman even that remain in message sending request but no response but am able to query other api endpoints like config

Karthick

07/19/2022, 4:53 PM

in pod logs i could see {"err":"failed","level":"error","op":"directIngestSoftware","ts":"2022-07-19T165232.35786363Z"}

Kathy Satterlee

07/19/2022, 5:21 PM

Do you get the same error if you try in another browser or an incognito window?

Kathy Satterlee

07/19/2022, 5:22 PM

I see you tried it in Postman, but I'm still curious about incognito.

Kathy Satterlee

07/19/2022, 5:30 PM

And did this just suddenly stop working, or was there a recent change?

Karthick

07/20/2022, 10:21 AM

it was not working from the time it is deployed and tried in a different browser and incognito same result

Kathy Satterlee

07/20/2022, 3:16 PM

Thanks for that info. Looking into this to see what the culprit might be.

Kathy Satterlee

07/20/2022, 3:46 PM

Can you run

fleetctl debug errors

and see if there's any additional info there? If you'd be up for scanning that file for any sensitive data you'd like to remove and sharing it, that would be awesome as well.

Karthick

07/21/2022, 10:28 AM

in debug json file all i can see it multiple entry of {"external": "enroll failed: timestamp: 2022-07-21T080715Z: no matching secret found" },

Karthick

07/21/2022, 4:02 PM

osquery is running in k8s so installed fleetctl in linux and executed fleetctl debug errors command

Kathy Satterlee

07/21/2022, 4:45 PM

This may be related to an issue we're tracking. Do you have any Ubuntu hosts enrolled?

Karthick

07/22/2022, 2:12 AM

we have centos, mac, windows

Karthick

07/24/2022, 2:58 PM

@Kathy Satterlee the version referred in issue is v4.17 and ubuntu host in my case we are running with v4.11. So, v4.11 also has this bug ?

Kathy Satterlee

07/24/2022, 4:18 PM

I apologize, I must have misread the version! Given that there aren't any errors in the Fleet logs or the pod logs, it seems likely that the error is popping up somewhere between Fleet and you. When you checked the logs in Kubernetes, did you also look at the logs for your load balancer or proxy server?

7 Views

Open in Slack

Previous Next