noob here trying to get set up. Ran out of ideas, just wondering what I should do to troubleshoot further.
I have a great demo running on my laptop with osquery agents, fleet, and elk stack but now trying to implement in the real world.
I'm betting some acl/firewall/security group type issue, but not having much luck with indications on why the following.
• haproxy in front of fleet just doing tcp passthrough
• fleet running in aws ec2 - verified connection with redis and mysql.
• mysql is aws rds
• redis is aws elasticache
In the fleet ui I see and interact with most of it. am using a wildcard ssl cert but seems to be working - remote agent enrolled and looks to be working as expected. osquery logs on remote agent do not give any indication that there is anything wrong (that jump out at me).
• main problem is: live_query and run just hang and eventually result in net::ERR_HTTP2_PROTOCOL_ERROR
• fleetctl just hangs on --query "SELECT * FROM osquery_info" as well, even with --timeout set and --debug set, I see nothing.
• as far as I can tell everything else working fine.
fleet is behind a tcp passthrough haproxy.
• also tried accessing via ssh tunnel direct to port 8080, still seeing same problem here too.