Hi fleet team, we found out we miss a small portio...
# fleetw
wennan.he
02/10/2023, 10:49 PMHi fleet team, we found out we miss a small portion of our hosts in fleet, maybe could u help to explain what is the possible reason can make it happened?
k
Kathy Satterlee
02/10/2023, 11:00 PMThis may be related to this issue:
https://github.com/fleetdm/fleet/issues/9132
Do you have access to the Fleet database? If so, run the following query for me:
Copy code
select * from hosts where orbit_node_key = NULLw
wennan.he
02/10/2023, 11:05 PMwell, that is weird, because we dont have orbit installed but osquery installed directly.
k
Kathy Satterlee
02/10/2023, 11:06 PMInteresting. What are you using as your host identifier?
Kathy Satterlee
02/10/2023, 11:07 PMAnd what versions of Fleet and osquery are you working with?
Kathy Satterlee
02/10/2023, 11:08 PMAnd are you seeing any errors in the Fleet logs?
w
wennan.he
02/10/2023, 11:54 PMosquery 5.4.0
wennan.he
02/11/2023, 12:13 AMfleet version 4.20.1
wennan.he
02/11/2023, 12:14 AMi didn't cfg for host identifier specifically.
wennan.he
02/11/2023, 12:14 AMso think it is supposed to use host name?
wennan.he
02/11/2023, 12:18 AMand i didn't see any err log.
wennan.he
02/11/2023, 12:19 AMand we even cannot find it from local query by osqueryi.
z
zwass
02/11/2023, 12:20 AM
Are you saying that the query doesn't return results locally via osqueryi either? Sounds like it might be an osquery bug
w
wennan.he
02/11/2023, 12:21 AMyes. we run the same query on the host, but also empty return.
z
zwass
02/11/2023, 12:22 AM
In that case I think it's likely that osquery can't get the serial. What kind of device is this?
w
wennan.he
02/11/2023, 12:22 AMbmvm
wennan.he
02/11/2023, 12:22 AMnothing special
z
zwass
02/11/2023, 12:25 AM
I'm not familiar with bmvm.
zwass
02/11/2023, 12:25 AM
Maybe let's open a new thread in #general?
w
wennan.he
02/11/2023, 12:26 AMgonna to doing it, thx.
2 Views