Hey Team I am seeing 0 online devices whereas everything was

Question

Hey Team I am seeing 0 online devices whereas everything was fine until few hours ago I dont see any err in logs or any error that its not able to communicate with fleet server Also for alot of devices it still shows last fetched a minute ago and thats keeps updating Not able to run any query though

Rachel Perkins · Answer

The second part is interesting so for some specific hosts you can see a recent `updated at` key returned from the API but status is still `offline` Are you able to refetch that host s information and get new update host information

Ojas · Answer

< Rachel Perkins> nope refetch dosent work nor does the query

Ojas · Answer

dose this log mean that netskope is not allowing the connection it says provider rejected

Kathy Satterlee · Answer

Is Netskope a recent addition to your environment If you re using a proxy server do you see any logs there that indicate that connections are being refused and why

Ojas · Answer

nah netkope is old one < Kathy Satterlee> its been there for many months and was there when we deployed fleet

Ojas · Answer

< Kathy Satterlee> < Rachel Perkins> this is becoming a p1 issue for us as our crucial part of vuln management is dependent on fleet side Any thing i should do to debug this

Kathy Satterlee · Answer

I know you said you didn t see any error in the logs Which logs have you checked There could be useful information in the logs for your Load balancer Fleet server or the host s osquery logs

Ojas · Answer

i am checking the logs on host machine

Ojas · Answer

service is running and everything seems fine i dont see any error logs in the machine

Kathy Satterlee · Answer

Okay Anything happening in the Fleet logs to either indicate an error in that end or confirm that traffic is making it through to Fleet

Ojas · Answer

< Kathy Satterlee> which logs do i check like the path of the fleet logs i ll have to login to fleet server for this right FYI i am running it on ECS so not sure how to login

Kathy Satterlee · Answer

The Fleet logs will likely be in Cloudwatch

Ojas · Answer

Hey < Kathy Satterlee> i got these logs and seems to be auth issues missing node keys amp no matching secret found

Ojas · Answer

< Kathy Satterlee> any idea on how to fix this I dont see any other error logs in there

Kathy Satterlee · Answer

So sorry < Ojas> I missed that update

Kathy Satterlee · Answer

It sounds like all of those errors are related to one host with an invalid enroll secret Just to be sure though what are you using as your <https fleetdm com docs deploying configuration osquery host identifier|identifier>

Ojas · Answer

i had this error on all the hosts < Kathy Satterlee> All hosts stopped reporting back all of sudden I updated fleet to latest and then i can see most hosts online now But still i see many hosts which i know are running but on fleet they are offline i dont see any identifiers in agent options so it should be whatever default value is

Kathy Satterlee · Answer

Yes I just wanted to make sure that the errors in the logs were all related to the same host If you were using something that could be duplicated as the identifier that might explain the other issue If not the errors in the Fleet log are likely unrelated Can you run `fleetctl get config include server config` and share the results You can either redact sensitive information or send it to me via DM

Ojas · Answer

I am working on updating the whole agents and things after that i ll fetch this and share with you slightly smiling face