Zach Zeid
09/03/2020, 5:36 PM
--tls_dump
I see what appears to be html in the output, is that expected?
tls negotiation
errors as well, and I'm attempting to figure out why that is
zwass
09/03/2020, 6:03 PM
--tls_dump
output.
Zach Zeid
09/03/2020, 6:04 PM
[14:00:57] ~$ I0903 14:00:58.274202 23479 tls.cpp:253] TLS/HTTPS POST request to URI: https://dev.fleet.sec.xxxx.org
zwass
09/03/2020, 6:11 PM
.org
?config_tls_endpoint
?
Zach Zeid
09/03/2020, 6:13 PM
config_tls_endpoint
is configured in the flags file.
It occurs to me that this is a result of the fleet server being behind a network gateway, and that is what is returning the html.
zwass
09/03/2020, 6:14 PM
_endpoint
flags missing
Zach Zeid
09/03/2020, 6:16 PM
sudo osqueryd --verbose --tls_dump --tls_hostname dev.fleet.sec.xxx.org --config_plugin tls --tls_server_certs /etc/osquery/certs/kolide_fleet.crt --logger_tls_endpoint /api/v1/osquery/log --config_tls_endpoint /api/v1/osquery/config --logger_plugin tls --enroll_tls_endpoint /api/v1/osquery/enroll --enroll_secret_path /etc/osquery/enroll_secret
tls_hostname
be something else?
--tls_hostname dev.fleet.sec.xxx.org
right now that's the url we use to get to the web ui
seph
09/03/2020, 8:12 PM
Zach Zeid
09/03/2020, 10:06 PM
zwass
09/03/2020, 11:09 PM
Zach Zeid
09/03/2020, 11:34 PM
zwass
09/03/2020, 11:36 PM
_endpoint
flags to the hostname. That's why I suggested checking that they are all configured properly.
Zach Zeid
09/03/2020, 11:37 PM
dev.fleet.sec.xxx.org/api/v1/osquery/{config, enroll, log}
right?
zwass
09/03/2020, 11:41 PM
Zach Zeid
09/03/2020, 11:44 PM
zwass
09/03/2020, 11:47 PM
Zach Zeid
09/03/2020, 11:49 PM
zwass
09/03/2020, 11:50 PM
Zach Zeid
09/03/2020, 11:51 PM
zwass
09/03/2020, 11:51 PM
Zach Zeid
09/03/2020, 11:52 PM
zwass
09/03/2020, 11:55 PM
--disable_distributed
(which is the default) so osquery doesn't even try.
Zach Zeid
09/03/2020, 11:56 PM
zwass
09/03/2020, 11:58 PM
Zach Zeid
09/04/2020, 12:05 AM