Zach Zeid
09/03/2020, 5:36 PM--tls_dump
I see what appears to be html in the output, is that expected?Zach Zeid
09/03/2020, 5:44 PMtls negotiation
errors as well, and I'm attempting to figure out why that iszwass
zwass
--tls_dump
output.Zach Zeid
09/03/2020, 6:04 PMZach Zeid
09/03/2020, 6:06 PM[14:00:57] ~$ I0903 14:00:58.274202 23479 tls.cpp:253] TLS/HTTPS POST request to URI: <https://dev.fleet.sec.xxxx.org>
Zach Zeid
09/03/2020, 6:07 PMZach Zeid
09/03/2020, 6:09 PMzwass
.org
?zwass
config_tls_endpoint
?Zach Zeid
09/03/2020, 6:13 PMconfig_tls_endpoint
is configured in the flags file.
It occurs to me that this is a result of the fleet server being behind a network gateway, and that' is what is returning the html.zwass
zwass
zwass
_endpoint
flags missingZach Zeid
09/03/2020, 6:16 PMsudo osqueryd --verbose --tls_dump --tls_hostname <http://dev.fleet.sec.xxx.org|dev.fleet.sec.xxx.org> --config_plugin tls --tls_server_certs /etc/osquery/certs/kolide_fleet.crt --logger_tls_endpoint /api/v1/osquery/log --config_tls_endpoint /api/v1/osquery/config --logger_plugin tls --enroll_tls_endpoint /api/v1/osquery/enroll --enroll_secret_path /etc/osquery/enroll_secret
Zach Zeid
09/03/2020, 6:16 PMZach Zeid
09/03/2020, 7:05 PMtls_hostname
be something else?
--tls_hostname <http://dev.fleet.sec.xxx.org|dev.fleet.sec.xxx.org>
right now that's the url we use to get to the web uiseph
seph
Zach Zeid
09/03/2020, 10:06 PMzwass
Zach Zeid
09/03/2020, 11:34 PMzwass
_endpoint
flags to the hostname. That's why I suggested checking that they are all configured properly.Zach Zeid
09/03/2020, 11:37 PM<http://dev.fleet.sec.xxx.org/api/v1/osquery/{config|dev.fleet.sec.xxx.org/api/v1/osquery/{config>, enroll, log}
right?Zach Zeid
09/03/2020, 11:38 PMzwass
Zach Zeid
09/03/2020, 11:44 PMZach Zeid
09/03/2020, 11:46 PMzwass
Zach Zeid
09/03/2020, 11:49 PMzwass
Zach Zeid
09/03/2020, 11:51 PMzwass
Zach Zeid
09/03/2020, 11:52 PMzwass
zwass
--disable_distributed
(which is the default) so osquery doesn't even try.Zach Zeid
09/03/2020, 11:56 PMzwass
Zach Zeid
09/04/2020, 12:05 AM