https://github.com/osquery/osquery logo
Join Slack
Powered by
Can you provide the server response to the enrollm...
# kolide
z
Can you provide the server response to the enrollment request like you did for https://osquery.slack.com/archives/C1XCLA5DZ/p1519324487000723?
n
I0222 162343.138703 4476 tls_enroll.cpp:63] TLSEnrollPlugin requesting a node enroll key from: https://x.x.x.x:8080/api/v1/osquery/enroll I0222 162343.138703 4544 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109 I0222 162343.138703 4544 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed I0222 162343.138703 5656 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109 I0222 162343.138703 5656 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed I0222 162343.810552 4416 tls_enroll.cpp:63] TLSEnrollPlugin requesting a node enroll key from: https://x.x.x.x:8080/api/v1/osquery/enroll I0222 162343.810552 2784 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109 I0222 162343.810552 2784 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed I0222 162343.810552 5916 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109 I0222 162343.810552 5916 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed I0222 162343.841809 2652 tls_enroll.cpp:63] TLSEnrollPlugin requesting a node enroll key from: https://x.x.x.x:8080/api/v1/osquery/enroll I0222 162343.841809 5588 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109 I0222 162343.841809 5588 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed I0222 162343.841809 2240 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109 I0222 162343.841809 2240 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed I0222 162345.185578 4476 tls.cpp:198] TLS/HTTPS POST request to URI: https://x.x.x.x:8080/api/v1/osquery /enroll {"enroll_secret":"xxxxxxxxxxxxxxxxxxxxxxxxxxx","host_identifier":"9DC61442-B7FD-B9B6-1BB5-320C5EA0D064","platform_t ype":"2","host_details":
}}} { "node_key": "RtRfZCDgLdkpW8kC1bAbr/7dth2rWmK8" } I0222 162345.232504 4476 tls.cpp:198] TLS/HTTPS POST request to URI:
}}} { "node_key": "RtRfZCDgLdkpW8kC1bAbr/7dth2rWmK8" } I0222 162345.232504 4476 tls.cpp:198] TLS/HTTPS POST request to URI:
{"node_key":"RtRfZCDgLdkpW8kC1bAbr\/7dth2rWmK8"} { "queries": {} } { "node_key": "ZsnK6vcW7sHaXFiAELqWECOaQa2oFwyf" } I0222 162345.935539 2652 tls.cpp:198] TLS/HTTPS POST request to URI: https://x.x.x.x:8080/api/v1/osquery /config {"node_key":"ZsnK6vcW7sHaXFiAELqWECOaQa2oFwyf"} { "error": "authentication error: invalid node key: O/k3jqhlx2XX6xb3FEyeM/ePDk3B3Zg1", "node_invalid": true }
z
Did these logs all occur sequentially in a single run of 
osqueryd
? I see three different node keys here... Some successful looking requests, some unsuccessful... And perhaps a mysteriously corrupted node key? It's hard to really make sense of it. Maybe including the whole log from a single run of 
osqueryd
would help.
n
Let me log everything to a file and send it to you
Very wierd, I changed --host_identifier in my flag file to hostname from uuid and it worked?
z
Possibly there is some bug in osquery? If you can repro this please file an issue.
2 Views
Open in Slack
PreviousNext
Powered by