osqueryd --flagfile=/etc/osquery/osquery.flags W1109 11:02:51.865283 25474 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... W1109 11:02:52.873628 25474 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... W1109 11:02:56.904080 25474 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... W1109 11:02:57.912461 25474 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... I1109 11:03:01.933297 25474 events.cpp:825] Event publisher not enabled: syslog: Publisher disabled via configuration W1109 11:03:02.052307 25474 inotify.cpp:80] Failed to do stat on: /etc/init/ W1109 11:03:02.101761 25502 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... W1109 11:03:03.112587 25502 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... I1109 11:03:08.053982 25503 scheduler.cpp:83] Executing scheduled query hardware_events: SELECT * FROM hardware_events; W1109 11:03:08.188552 25502 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... I1109 11:03:09.072151 25503 scheduler.cpp:83] Executing scheduled query file_events: SELECT * FROM file_events; I1109 11:03:09.084679 25503 scheduler.cpp:83] Executing scheduled query process_events: SELECT auid, cmdline, ctime, cwd, egid, euid, gid, parent, path, pid, time, uid FROM process_events WHERE path NOT IN ('/bin/sed', '/usr/bin/tr', '/bin/gawk', '/bin/date', '/bin/mktemp', '/usr/bin/dirname', '/usr/bin/head', '/usr/bin/jq', '/bin/cut', '/bin/uname', '/bin/basename') and cmdline NOT LIKE '%_key%' AND cmdline NOT LIKE '%secret%'; I1109 11:03:09.099536 25503 scheduler.cpp:83] Executing scheduled query socket_events: SELECT action, auid, family, local_address, local_port, path, pid, remote_address, remote_port, success, time FROM socket_events WHERE success=1 AND path NOT IN ('/usr/bin/hostname') AND remote_address NOT IN ('127.0.0.1', '169.254.169.254', '', '0000:0000:0000:0000:0000:0000:0000:0001', '::1', '0000:0000:0000:0000:0000:ffff:7f00:0001', 'unknown', '0.0.0.0', '0000:0000:0000:0000:0000:0000:0000:0000'); W1109 11:03:09.196720 25502 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... W1109 11:03:17.292363 25502 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... I1109 11:03:18.114519 25503 scheduler.cpp:83] Executing scheduled query file_events: SELECT * FROM file_events;

osqueryd --flagfile=/etc/osquery/osquery.flags I1109 11:11:50.791759 26020 init.cpp:396] osquery initialized [version=3.2.6] I1109 11:11:50.822698 26020 system.cpp:368] Found stale process for osqueryd (25895) I1109 11:11:50.822860 26020 system.cpp:400] Writing osqueryd pid (26020) to /var/run/osqueryd.pidfile I1109 11:11:50.823026 26020 extensions.cpp:342] Could not autoload extensions: Failed reading: /etc/osquery/extensions.load I1109 11:11:50.824460 26021 watcher.cpp:554] osqueryd watcher (26020) executing worker (26022) I1109 11:11:50.835525 26022 init.cpp:393] osquery worker initialized [watcher=26020] I1109 11:11:50.836735 26022 rocksdb.cpp:132] Opening RocksDB handle: /var/osquery/osquery.db I1109 11:11:50.880995 26022 auto_constructed_tables.cpp:85] Removing stale ATC entries I1109 11:11:50.881003 26031 interface.cpp:263] Extension manager service starting: /var/osquery/osquery.em I1109 11:11:50.892339 26022 tls_enroll.cpp:59] TLSEnrollPlugin requesting a node enroll key from: https://172.20.17.23:8080 I1109 11:11:50.898659 26022 tls.cpp:241] TLS/HTTPS POST request to URI: https://172.20.17.23:8080

{"enroll_secret":"hMHTGTJBPDItWo3f9tyv0rorSdyazdwT","host_identifier":"iz2zedpuz8j5uxm63s0l1az","platform_type":"9","host_details":{"os_version":{"_id":"7","build":"","major":"7","minor":"2","name":"CentOS Linux","patch":"1511","platform":"rhel","platform_like":"rhel","version":"CentOS Linux release 7.2.1511 (Core)"},"osquery_info":{"build_distro":"xenial","build_platform":"ubuntu","config_hash":"2d8f8cce9213c8500b728d63da59f94d678658ed","config_valid":"1","extensions":"active","instance_id":"ac31a2f5-8cf6-4cf5-9331-8d0da9a7a961","pid":"26022","start_time":"1541733110","uuid":"4657D1AD-6900-4BBA-A35F-6F94A6D02BAC","version":"3.2.6","watcher":"26020"},"platform_info":{"address":"0xe800","date":"04/01/2014","extra":"","revision":"0.0","size":"65536","vendor":"SeaBIOS","version":"rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org","volume_size":"0"},"system_info":{"computer_name":"iz2zedpuz8j5uxm63s0l1az","cpu_brand":"Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz\u0000","cpu_logical_cores":"4","cpu_microcode":"0x1","cpu_physical_cores":"4","cpu_subtype":"62","cpu_type":"6","hardware_model":"Alibaba Cloud ECS","hardware_serial":"4657d1ad-6900-4bba-a35f-6f94a6d02bac","hardware_vendor":"Alibaba Cloud","hardware_version":"pc-i440fx-2.1","hostname":"iz2zedpuz8j5uxm63s0l1az","local_hostname":"iz2zedpuz8j5uxm63s0l1az","physical_memory":"8202690560","uuid":"4657D1AD-6900-4BBA-A35F-6F94A6D02BAC"}}} <!DOCTYPE html> <html data-uuid=""> ..............

W1109 11:11:50.935472 26022 tls_enroll.cpp:66] Failed enrollment request to https://172.20.17.23:8080 (Cannot parse JSON: Invalid value. Offset: 0) retrying... I1109 11:11:51.938761 26022 tls.cpp:241] TLS/HTTPS POST request to URI: https://172.20.17.23:8080