https://github.com/osquery/osquery logo
#fleet
Title
k

Karthick

07/19/2022, 3:45 AM
Hi, Osquery software page doesn't load but am able to view the software and Vulnerable software from the host. Osquery is hosted in Kubernetes and version 4.11.0
k

Kathy Satterlee

07/19/2022, 2:11 PM
Hi, @Karthick! Are you seeing anything in the console or network requests?
k

Karthick

07/19/2022, 4:51 PM
console error
i tried /api/v1/fleet/software from postman even that remain in message sending request but no response but am able to query other api endpoints like config
in pod logs i could see {"err":"failed","level":"error","op":"directIngestSoftware","ts":"2022-07-19T165232.35786363Z"}
k

Kathy Satterlee

07/19/2022, 5:21 PM
Do you get the same error if you try in another browser or an incognito window?
I see you tried it in Postman, but I'm still curious about incognito.
And did this just suddenly stop working, or was there a recent change?
k

Karthick

07/20/2022, 10:21 AM
it was not working from the time it is deployed and tried in a different browser and incognito same result
k

Kathy Satterlee

07/20/2022, 3:16 PM
Thanks for that info. Looking into this to see what the culprit might be.
Can you run
fleetctl debug errors
and see if there's any additional info there? If you'd be up for scanning that file for any sensitive data you'd like to remove and sharing it, that would be awesome as well.
k

Karthick

07/21/2022, 10:28 AM
in debug json file all i can see it multiple entry of {"external": "enroll failed: timestamp: 2022-07-21T080715Z: no matching secret found" },
osquery is running in k8s so installed fleetctl in linux and executed fleetctl debug errors command
k

Kathy Satterlee

07/21/2022, 4:45 PM
This may be related to an issue we're tracking. Do you have any Ubuntu hosts enrolled?
k

Karthick

07/22/2022, 2:12 AM
we have centos, mac, windows
@Kathy Satterlee the version referred in issue is v4.17 and ubuntu host in my case we are running with v4.11. So, v4.11 also has this bug ?
k

Kathy Satterlee

07/24/2022, 4:18 PM
I apologize, I must have misread the version! Given that there aren't any errors in the Fleet logs or the pod logs, it seems likely that the error is popping up somewhere between Fleet and you. When you checked the logs in Kubernetes, did you also look at the logs for your load balancer or proxy server?
7 Views