Another noob question here. Anyone know where Fleet logs are written by default?

Server logs are written to stderr. Osquery logs are written to

/tmp/osquery_status

and

/tmp/osquery_result

(https://github.com/kolide/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md#filesystem_status_log_file).

thanks. we are troubleshooting the issue with clients. Looks like they register but are all offline. I'm wondering if it might be related to load-balancing. We have 2 Fleet UI servers behind an NLB. If the enrollment process is being round-robin load-balanced to different Fleet servers, perhaps the clients aren't enrolling properly

It's pretty common for folks to have issues with their LB configuration. Fleet is architected not to care "which" server is hit as long as they are all talking to the same MySQL/Redis.