
Zach Zeid

09/10/2020, 2:29 PM
Is there a different way I can approach troubleshooting this?

zwass

09/10/2020, 3:43 PM
Use --tls_dump on the osquery invocation and see what config it is pulling down.

Zach Zeid

09/10/2020, 4:58 PM
so it looks like there was a typo in the decorator query (my b), but somewhere between fleetctl apply and the host instance getting the config, it silently fails.
Only after I was able to fix the incorrect query did the host instance pull down the config. 🤔

sundsta

09/10/2020, 5:44 PM
Have you checked the osqueryd logs? Seems like it would show up there, especially if you add the --verbose flag
Or possibly the osquery_status logs

Zach Zeid

09/10/2020, 5:45 PM
I did, didn't seem to see anything there, could be that the config doesn't get pulled down right away after every service restart, and is defined by config_refresh