Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
z
zwass
02/22/2018, 7:25 PMCan you provide the server response to the enrollment request like you did for https://osquery.slack.com/archives/C1XCLA5DZ/p1519324487000723?
n
Newbee
02/22/2018, 9:28 PMI0222 16:23:43.138703 4476 tls_enroll.cpp:63] TLSEnrollPlugin requesting a node enroll key from: https://x.x.x.x:8080/api/v1/osquery/enroll
I0222 16:23:43.138703 4544 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 16:23:43.138703 4544 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 16:23:43.138703 5656 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 16:23:43.138703 5656 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 16:23:43.810552 4416 tls_enroll.cpp:63] TLSEnrollPlugin requesting a node enroll key from: https://x.x.x.x:8080/api/v1/osquery/enroll
I0222 16:23:43.810552 2784 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 16:23:43.810552 2784 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 16:23:43.810552 5916 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 16:23:43.810552 5916 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 16:23:43.841809 2652 tls_enroll.cpp:63] TLSEnrollPlugin requesting a node enroll key from: https://x.x.x.x:8080/api/v1/osquery/enroll
I0222 16:23:43.841809 5588 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 16:23:43.841809 5588 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 16:23:43.841809 2240 interface.cpp:89] Thrift message: TPipe ::GetOverlappedResult errored GLE=errno = 109
I0222 16:23:43.841809 2240 interface.cpp:89] Thrift message: TConnectedClient died: TPipe: GetOverlappedResult failed
I0222 16:23:45.185578 4476 tls.cpp:198] TLS/HTTPS POST request to URI: https://x.x.x.x:8080/api/v1/osquery
/enroll
{"enroll_secret":"xxxxxxxxxxxxxxxxxxxxxxxxxxx","host_identifier":"9DC61442-B7FD-B9B6-1BB5-320C5EA0D064","platform_t
ype":"2","host_details":
}}}
{
"node_key": "RtRfZCDgLdkpW8kC1bAbr/7dth2rWmK8"
}
I0222 16:23:45.232504 4476 tls.cpp:198] TLS/HTTPS POST request to URI:
}}}
{
"node_key": "RtRfZCDgLdkpW8kC1bAbr/7dth2rWmK8"
}
I0222 16:23:45.232504 4476 tls.cpp:198] TLS/HTTPS POST request to URI:
{"node_key":"RtRfZCDgLdkpW8kC1bAbr\/7dth2rWmK8"}
{
"queries": {}
}
{
"node_key": "ZsnK6vcW7sHaXFiAELqWECOaQa2oFwyf"
}
I0222 16:23:45.935539 2652 tls.cpp:198] TLS/HTTPS POST request to URI: https://x.x.x.x:8080/api/v1/osquery
/config
{"node_key":"ZsnK6vcW7sHaXFiAELqWECOaQa2oFwyf"}
{
"error": "authentication error: invalid node key: O/k3jqhlx2XX6xb3FEyeM/ePDk3B3Zg1",
"node_invalid": true
}
z
zwass
02/22/2018, 11:35 PMDid these logs all occur sequentially in a single run of
osquerydosquerydn
Newbee
02/23/2018, 1:25 PMLet me log everything to a file and send it to you
Very wierd, I changed --host_identifier in my flag file to hostname from uuid and it worked?
z
zwass
02/23/2018, 5:31 PMPossibly there is some bug in osquery? If you can repro this please file an issue.