Hello there! Is there any way I can fully disable ...
# fleet
Hello there! Is there any way I can fully disable software inventory and software vulnerability? I’m pretty confident that the execution of this query while installing orbit on our hosts are causing too many LDAP search requests to our server sand it’s not being able to handle it, so I’d like to completely disable this feature.
Hi @Jesus Santos. You can definitely disable software inventory: https://fleetdm.com/docs/using-fleet/configuration-files#features-enable-software-inventory I'd be happy to help you dig in to the issue you're seeing if you'd like to Gove a little more info in the specific behavior you're seeing.
Hey Kathy! Thanks for the information The scenario I’m seeing is the following: When installing Orbit/OSquery to a number of CentOS hosts we have that are enrolled to LDAP, right after the install process the server receives a high number of SEARCH requests, which then drops a little, but keeps higher than what it was before installing orbit itself The major painpoint is the installation process, but since it keeps the average higher, when installing to, say 1500 hosts, it is also high enough to be a problem. That said, I tried some debugging on both osqueryd running verbose and nslcd (name resolution service) running debug to try to find some correlation, with not much luck, the only strong thing I have on both is the install process, which I intend to test without software inventory to see if it changes
+1. Apart from software inventory, you should disable the "users" query off too: https://fleetdm.com/docs/using-fleet/configuration-files#features-enable-host-users
Nice! Just bringing some info before the actual tests, after putting the 2 settings you mentioned, the load on the LDAP Server already decreased a whole lot I’ll try with the infra team to provision some new hosts and check if any request will be made, but it seems this solves the problem we were facing over here, thanks in advance you all! 😁