Reza Kazemy
12/04/2022, 10:41 AMKathy Satterlee
12/05/2022, 5:42 PMReza Kazemy
12/07/2022, 7:26 AM"GET /api/latest/fleet/device/%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00/desktop HTTP/1.1" 400 157 "-" "-"
and here are my fleet container logs:
fleet-webgui | {"hostID":1,"level":"error","message":"distributed query is denylisted","query":"fleet_detail_query_software_windows","ts":"2022-12-07T07:24:36.580582109Z"}
fleet-webgui | {"err":"failed","level":"error","op":"directIngestSoftware","ts":"2022-12-07T07:24:36.582251321Z"}
fleet-webgui | {"component":"http","err":": Authentication required","internal":"authentication error: invalid orbit node key","level":"info","path":"/api/fleet/orbit/config","ts":"2022-12-07T07:24:37.05854835Z"}
fleet-webgui | {"component":"http","err":": Authentication required","internal":"authentication error: invalid orbit node key","level":"info","path":"/api/fleet/orbit/config","ts":"2022-12-07T07:25:07.122905616Z"}
fleet-webgui | {"component":"http","err":": Authentication required","internal":"authentication error: invalid orbit node key","level":"info","path":"/api/fleet/orbit/config","ts":"2022-12-07T07:25:37.177454183Z"}
Kathy Satterlee
12/15/2022, 7:51 PMnginx
:
https://fleetdm.com/docs/contributing/faq#what-api-endpoints-do-osquery-and-orbit-need-access-toReza Kazemy
12/17/2022, 9:44 AM2022-12-17T14:57:43+03:30 INF calling flags update
I1217 14:57:44.026043 15508 interfaces.cpp:102] Failed to retrieve network statistics for interface 18
I1217 14:57:44.740763 15508 interfaces.cpp:102] Failed to retrieve network statistics for interface 13
I1217 14:57:45.325450 15508 interfaces.cpp:102] Failed to retrieve network statistics for interface 23
I1217 14:57:45.979974 15508 interfaces.cpp:102] Failed to retrieve network statistics for interface 2
I1217 14:57:46.479738 15508 interfaces.cpp:102] Failed to retrieve network statistics for interface 21
I1217 14:57:47.643726 15508 interfaces.cpp:102] Failed to retrieve network statistics for interface 17
I1217 14:57:48.661547 15508 interfaces.cpp:102] Failed to retrieve network statistics for interface 1
I1217 14:57:49.016599 15508 interfaces.cpp:130] Failed to retrieve physical state for interface 1
I1217 14:57:49.088176 15508 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 1
I1217 14:57:49.106617 15508 interfaces.cpp:102] Failed to retrieve network statistics for interface 28
I1217 14:57:49.261628 15508 interfaces.cpp:130] Failed to retrieve physical state for interface 28
I1217 14:57:49.291086 15508 interfaces.cpp:157] Failed to retrieve DHCP and DNS information for interface 28
2022-12-17T14:58:13+03:30 INF calling flags update
2022-12-17T14:58:43+03:30 INF calling flags update
2022-12-17T14:59:13+03:30 INF calling flags update
Kathy Satterlee
12/19/2022, 4:47 PMReza Kazemy
12/19/2022, 5:19 PM2022-12-19T14:06:50+03:30 DBG successfully refetched the token from disk
2022-12-19T14:06:50+03:30 ERR get device URL error="GET /api/latest/fleet/device/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00/desktop received status 400 unknown"
2022-12-19T14:06:55+03:30 DBG successfully refetched the token from disk
2022-12-19T14:06:55+03:30 ERR get device URL error="GET /api/latest/fleet/device/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00/desktop received status 400 unknown"
2022-12-19T14:07:00+03:30 DBG successfully refetched the token from disk
2022-12-19T14:07:00+03:30 ERR get device URL error="GET /api/latest/fleet/device/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00/desktop received status 400 unknown"
2022-12-19T14:07:05+03:30 DBG successfully refetched the token from disk
2022-12-19T14:07:05+03:30 ERR get device URL error="GET /api/latest/fleet/device/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00/desktop received status 400 unknown"
2022-12-19T14:07:10+03:30 DBG successfully refetched the token from disk
2022-12-19T14:07:10+03:30 ERR get device URL error="GET /api/latest/fleet/device/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00/desktop received status 400 unknown"
2022-12-19T14:07:13+03:30 INF Shutdown was requested!
this is the only thing I had got from the log file.
Thank you so much. @Kathy SatterleeLucas Rodriguez
12/19/2022, 9:41 PMC:\Program Files\Orbit\identifier
? (Open with notepad, we don't need the contents but just to know if it has a UUID, something like 8bde4838-3f98-48a5-a60a-9a8699465564
)
3. Can you attach more Orbit logs so we can take a look? (C:\Windows\System32\config\systemprofile\AppData\Local\FleetDM\Orbit\Logs\orbit-osquery.log
)cmd
:
"C:\Program Files\Orbit\bin\orbit/orbit.exe" --version
orbit 1.4.0
Reza Kazemy
12/20/2022, 6:07 AM2022-12-19T13:16:24+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:16:54+03:30 INF calling flags update
2022-12-19T13:16:56+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:17:26+03:30 INF calling flags update
2022-12-19T13:17:28+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:17:58+03:30 INF calling flags update
2022-12-19T13:18:00+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:18:30+03:30 INF calling flags update
2022-12-19T13:18:32+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:19:02+03:30 INF calling flags update
2022-12-19T13:19:04+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:19:34+03:30 INF calling flags update
2022-12-19T13:19:36+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:20:06+03:30 INF calling flags update
2022-12-19T13:20:08+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:20:38+03:30 INF calling flags update
2022-12-19T13:20:40+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:21:06+03:30 ERR pinging the server error="HEAD /api/fleet/orbit/ping: Head \"<https://fleet.test.com:8443/api/fleet/orbit/ping>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:21:10+03:30 INF calling flags update
2022-12-19T13:21:13+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:21:43+03:30 INF calling flags update
2022-12-19T13:21:45+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:22:15+03:30 INF calling flags update
2022-12-19T13:22:17+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:22:47+03:30 INF calling flags update
2022-12-19T13:22:49+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:23:19+03:30 INF calling flags update
2022-12-19T13:23:21+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:23:51+03:30 INF calling flags update
2022-12-19T13:23:53+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:24:23+03:30 INF calling flags update
2022-12-19T13:24:25+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:24:55+03:30 INF calling flags update
2022-12-19T13:24:57+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:25:27+03:30 INF calling flags update
2022-12-19T13:25:29+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:25:59+03:30 INF calling flags update
2022-12-19T13:26:01+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:26:06+03:30 ERR pinging the server error="HEAD /api/fleet/orbit/ping: Head \"<https://fleet.test.com:8443/api/fleet/orbit/ping>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:26:31+03:30 INF calling flags update
2022-12-19T13:26:33+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:27:03+03:30 INF calling flags update
2022-12-19T13:27:05+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:27:35+03:30 INF calling flags update
2022-12-19T13:27:37+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:28:07+03:30 INF calling flags update
2022-12-19T13:28:09+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:28:39+03:30 INF calling flags update
2022-12-19T13:28:41+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:29:11+03:30 INF calling flags update
2022-12-19T13:29:13+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:29:43+03:30 INF calling flags update
2022-12-19T13:29:45+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:30:15+03:30 INF calling flags update
2022-12-19T13:30:17+03:30 INF flags updates failed error="error getting flags from fleet: POST /api/fleet/orbit/config: Post \"<https://fleet.test.com:8443/api/fleet/orbit/config>\": dial tcp 127.0.0.1:8443: connectex: No connection could be made because the target machine actively refused it."
2022-12-19T13:30:47+03:30 INF calling flags update
2022-12-19T13:30:47+03:30 INF flags updates failed error="error getting flags from fleet: The resource was not found"
W1219 13:31:08.553850 7180 options.cpp:106] The CLI only flag --logger_plugin set via config file will be ignored, please use a flagfile or pass it to the process at startup
I1219 13:31:10.873294 7180 config.cpp:908] Calling configure for logger tls
I1219 13:31:10.873294 7180 config.cpp:908] Calling configure for logger filesystem
2022-12-19T13:31:17+03:30 INF calling flags update
2022-12-19T13:31:17+03:30 INF flags updates failed error="error getting flags from fleet: The resource was not found"
2022-12-19T13:31:47+03:30 INF calling flags update
2022-12-19T13:31:47+03:30 INF flags updates failed error="error getting flags from fleet: The resource was not found"
2022-12-19T13:32:17+03:30 INF calling flags update
2022-12-19T13:32:17+03:30 INF flags updates failed error="error getting flags from fleet: The resource was not found"
2022-12-19T13:32:47+03:30 INF calling flags update
2022-12-19T13:32:48+03:30 INF flags updates failed error="error getting flags from fleet: The resource was not found"
2022-12-19T13:33:18+03:30 INF calling flags update
2022-12-19T13:33:18+03:30 INF flags updates failed error="error getting flags from fleet: The resource was not found"
Lucas Rodriguez
12/20/2022, 8:52 PMI had to mention that. I am using WSL (Ubuntu) in order to generate the software. because I am using Linux env for my development tasks.
I am curious if it is going to cause any problems or not.Should not cause any issues.
2022-12-19T133318+03:30 INF flags updates failed error="error getting flags from fleet: The resource was not found"This is expected because your Fleet server version does not support this feature (was added in 4.21.0).
Sorry, when I installed the fleet-osquery.msi, I started to get results like "-" 400 157 "-" "-" on my Nginx Log.So, related to the above log, these 400s are expected, and should go away if you upgrade to 4.21.0 or higher. However...
I checked the identifier file, and it is emptyThis one is unexpected... should not be empty...
Reza Kazemy
12/21/2022, 8:15 AM2022-12-21T11:28:05+03:30 INF calling flags update
2022-12-21T11:28:35+03:30 INF calling flags update
2022-12-21T11:29:05+03:30 INF calling flags update
2022-12-21T11:29:35+03:30 INF calling flags update
2022-12-21T11:30:05+03:30 INF calling flags update
2022-12-21T11:30:26+03:30 INF orbit_endpoints capability changed, restarting
2022-12-21T11:30:31+03:30 INF running with auto updates disabled
2022-12-21T11:30:31+03:30 INF Failed to connect to Fleet server. Osquery connection may fail. error="dial for validate: verify certificate: x509: certificate is not valid for any names, but wanted to match <http://fleet.test.com|fleet.test.com>"
2022-12-21T11:30:31+03:30 INF killing any pre-existing fleet-desktop instances
2022-12-21T11:30:31+03:30 INF start osqueryd cmd="C:\\Program Files\\Orbit\\bin\\osqueryd\\windows\\stable\\osqueryd.exe --pidfile=C:\\Program Files\\Orbit\\osquery.pid --database_path=C:\\Program Files\\Orbit\\osquery.db --extensions_socket=\\\\.\\pipe\\orbit-osquery-extension --logger_path=C:\\Program Files\\Orbit\\osquery_log --enroll_secret_env ENROLL_SECRET --host_identifier=uuid --tls_hostname=localhost:60189 --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls,filesystem --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_disable_function=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=2000000 --tls_server_certs C:\\Program Files\\Orbit\\proxy\\fleet.crt --force --flagfile C:\\Program Files\\Orbit\\osquery.flags"
2022-12-21T11:30:31+03:30 INF using insecure TLS proxy addr=localhost:60189 target=<https://fleet.test.com:8443/>
2022-12-21T11:30:31+03:30 INF opening path="C:\\Program Files\\Orbit\\bin\\desktop\\windows\\stable\\fleet-desktop.exe"
I1221 11:30:31.632803 16908 interface.cpp:137] Registering extension (com.fleetdm.orbit.osquery_extension.v1, 9283, version=, sdk=)
I1221 11:30:35.637126 9452 eventfactory.cpp:156] Event publisher not enabled: ntfs_event_publisher: NTFS event publisher disabled via configuration
2022-12-21T11:31:01+03:30 INF calling flags update
2022-12-21T11:31:31+03:30 INF calling flags update
2022-12-21T11:40:03+03:30 INF calling flags update
2022-12-21T11:40:33+03:30 INF calling flags update
2022-12-21T11:41:03+03:30 INF calling flags update
2022-12-21T11:41:33+03:30 INF calling flags update
2022-12-21T11:42:03+03:30 INF calling flags update
2022-12-21T11:42:33+03:30 INF calling flags update
2022-12-21T11:43:03+03:30 INF calling flags update
2022-12-21T11:43:33+03:30 INF calling flags update
2022-12-21T11:44:03+03:30 INF calling flags update
2022-12-21T11:44:33+03:30 INF calling flags update
2022-12-21T11:45:03+03:30 INF calling flags update
2022-12-21T11:45:33+03:30 INF calling flags update
2022-12-21T11:46:03+03:30 INF calling flags update
@Kathy Satterlee
@Lucas Rodriguez
Here is orbit-osquery logsLucas Rodriguez
12/21/2022, 7:39 PMNow I am getting a valid identifier for my desktop and steel I cannot Open the fleet desktop tab on my browser because the keeps showing connecting on my taskbar.1. What do you mean by "valid identifier for my desktop"? 2. Now that you've upgraded and restored, please can you check
%LocalAppData%/Fleet/fleet-desktop.log
contents again?Reza Kazemy
12/22/2022, 5:31 AMERR get device URL error="unauthenticated, or invalid token"
2022-12-21T10:13:37+03:30 DBG successfully refetched the token from disk
2022-12-21T10:13:37+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:13:42+03:30 DBG successfully refetched the token from disk
2022-12-21T10:13:42+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:13:47+03:30 DBG successfully refetched the token from disk
2022-12-21T10:13:47+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:13:52+03:30 DBG successfully refetched the token from disk
2022-12-21T10:13:52+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:13:57+03:30 DBG successfully refetched the token from disk
2022-12-21T10:13:57+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:02+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:02+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:07+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:07+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:12+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:12+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:17+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:17+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:22+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:22+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:27+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:27+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:32+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:32+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:37+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:37+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:42+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:42+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:47+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:47+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:52+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:52+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:14:57+03:30 DBG successfully refetched the token from disk
2022-12-21T10:14:57+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:15:02+03:30 DBG successfully refetched the token from disk
2022-12-21T10:15:02+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:15:07+03:30 DBG successfully refetched the token from disk
2022-12-21T10:15:07+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:15:12+03:30 DBG successfully refetched the token from disk
2022-12-21T10:15:12+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:15:17+03:30 DBG successfully refetched the token from disk
2022-12-21T10:15:17+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:15:22+03:30 DBG successfully refetched the token from disk
2022-12-21T10:15:22+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:15:27+03:30 DBG successfully refetched the token from disk
2022-12-21T10:15:27+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-21T10:15:32+03:30 DBG successfully refetched the token from disk
@Lucas RodriguezLucas Rodriguez
12/22/2022, 10:00 AMReza Kazemy
12/22/2022, 10:06 AMserver {
listen 443 ssl;
server_name <http://fleet.test.com|fleet.test.com>;
# Increase POST body size
client_max_body_size 300M;
# TLS
ssl_certificate /etc/nginx/tls/fleet.crt;
ssl_certificate_key /etc/nginx/tls/fleet.key;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
###########################################################################################################################################################
# fleet web server
###########################################################################################################################################################
location ~/ {
proxy_pass <http://fleet:8080>;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location ~/api/v1/fleet {
grpc_pass <grpc://fleet:8080>;
grpc_set_header Host $host;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
}
location ~/api/v1/osquery {
grpc_pass <grpc://fleet:8080>;
grpc_set_header Host $host;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
}
}
Lucas Rodriguez
12/22/2022, 10:12 AM2022-12-21T10:15:27+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
Then visit the following URL in your browser:
https://<YOUR FLEET ADDRESS HERE>/api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop
And let's see what we get.~/api/latest/fleet
too (you are adding it for location ~/api/v1/fleet {
)Reza Kazemy
12/22/2022, 10:51 AM2022-12-22T14:20:27+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-22T14:25:07+03:30 DBG successfully refetched the token from disk
2022-12-22T14:25:07+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
2022-12-22T14:25:12+03:30 DBG successfully refetched the token from disk
2022-12-22T14:25:12+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
Lucas Rodriguez
12/22/2022, 11:05 AMhttps://<FLEET_SERVER>/api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop
on your browser to check if your configuration is working.Reza Kazemy
12/25/2022, 9:30 AMfleet-nginx | 172.23.0.1 - - [25/Dec/2022:09:15:50 +0000] "POST /api/v1/osquery/distributed/read HTTP/1.1" 200 64 "-" "osquery/5.6.0"
fleet-nginx | 172.23.0.1 - - [25/Dec/2022:09:15:51 +0000] "POST /api/fleet/orbit/config HTTP/1.1" 200 3 "-" "Go-http-client/1.1"
fleet-nginx | 172.23.0.1 - - [25/Dec/2022:09:15:55 +0000] "GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop HTTP/1.1" 200 18 "-" "Go-http-client/1.1"
https://<FLEET_SERVER>/api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop
is error {}.
is it expected for the status 200 response code?
@Lucas RodriguezLucas Rodriguez
12/26/2022, 6:18 PMReza Kazemy
12/28/2022, 5:18 AM2022-12-22T14:25:12+03:30 ERR get device URL error="decode GET /api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop response: json: cannot unmarshal object into Go struct field fleetDesktopResponse.error of type error"
I upgraded everything.https://<FLEET_SERVER>/api/latest/fleet/device/64a0baf1-2409-4e2c-a98b-9f9ae1a8256d/desktop
the response would be error: {}
. Is it expected???Lucas Rodriguez
12/29/2022, 9:13 AMcurl https://<YOUR FLEET ADDRESS>/version
Reza Kazemy
12/29/2022, 10:03 AM