Jacob Shandling
12/07/2022, 7:24 PM
Scott McQueen
12/07/2022, 9:24 PM
Daniel
12/07/2022, 9:33 PM
Kathy Satterlee
12/08/2022, 8:04 PM
Andrew Zick
12/09/2022, 9:26 AM
augeas table.
https://osquery.slack.com/archives/C08V7KTJB/p1668118967997209
I’m trying to use FleetDM live queries and additional queries to look at augeas on a Linux Mint device, but even just SELECT COUNT(*) FROM augeas returns 0. I’ve had the user install augeas-lenses locally, which has fixed this issue for me before, but it had no effect here. osqueryi run locally on the machine is able to return results.
Has anyone run into this problem before or have any ideas for potential solutions?
osquery: 5.2.2, Fleet: 4.13.2
Keith Swagler
12/09/2022, 1:04 PM
peanut butter
12/09/2022, 8:03 PM
peanut butter
12/11/2022, 9:42 PM
Gregory Storme
12/12/2022, 11:41 AM
Gregory Storme
12/12/2022, 11:41 AM
id: 241686
osquery_host_id: FD723F42-2034-8947-200D-9D1902CF7058
created_at: 2022-12-12 12:12:43
updated_at: 2022-12-12 12:12:43
detail_updated_at: 1970-01-02 01:00:00
node_key: 86UbEE48jOqr3epoiDHg4nLhEwgq390m
uptime: 0
memory: 0
cpu_physical_cores: 0
cpu_logical_cores: 0
primary_ip_id: NULL
distributed_interval: 0
logger_tls_period: 0
config_tls_refresh: 0
label_updated_at: 1970-01-02 01:00:00
last_enrolled_at: 1970-01-02 01:00:00
refetch_requested: 1
team_id: NULL
policy_updated_at: 1970-01-02 01:00:00
orbit_node_key: 86UbEE48jOqr3epoiDHg4nLhEwgq390m
Jincheng Yin
12/12/2022, 11:48 AM
level=info ts=2022-12-12T09:51:18.810646803Z component=redis mode=standalone
level=info ts=2022-12-12T09:51:18.819616955Z msg="GCP PubSub writer configured" project=awx-it-infrastructure topic=awx-fleet-osquery-status add_attributes=false
level=info ts=2022-12-12T09:51:18.820644484Z msg="GCP PubSub writer configured" project=awx-it-infrastructure topic=awx-fleet-osquery-result add_attributes=false
level=info ts=2022-12-12T09:51:19.500416806Z component=crons cron=vulnerabilities cron=vulnerabilities softwareinventory="not configured"
level=info ts=2022-12-12T09:51:19.704020837Z msg="metrics endpoint disabled (http basic auth credentials not set)"
ts=2022-12-12T09:51:19.706150806Z transport=http address=0.0.0.0: msg=listening
ts=2022-12-12T09:51:45.503923208Z terminated="http: Server closed"
Arsenio
12/13/2022, 4:07 PM
Adrian Junge
12/13/2022, 4:56 PM
ryan
12/13/2022, 11:22 PM
Raghavendra Hiremath
12/15/2022, 4:37 AM
Raghavendra Hiremath
12/15/2022, 2:10 PM
Raghavendra Hiremath
12/15/2022, 2:16 PM
Matthew Warren
12/15/2022, 4:12 PM
1 to determine failure/pass respectively?
Swakhil
12/16/2022, 5:47 AM
detail_query_network_interface expected single result, got 0
and the second error is software data is not reflecting on the fleet software dashboard and displays the below error in the logs.
{"component":"service","err":"detail_query_network_interface expected single result, got 0","method":"IngestFunc","ts":"2022-12-15T11:58:41.396213187Z"}
{"hostID":1,"level":"error","message":"distributed query is denylisted","query":"fleet_detail_query_software_windows","ts":"2022-12-15T11:58:41.396500965Z"}
{"err":"failed","level":"error","op":"directIngestSoftware","ts":"2022-12-15T11:58:41.396717347Z"}
{"level":"warn","op":"directIngestWindowsUpdateHistory","skipped":"KB id not found in HP Development Company, L.P. - SoftwareComponent - 8.10.28.1","ts":"2022-12-15T11:58:41.400430479Z"}
The last line of the above error KB id not found displays the same for all the available software on that machine. Currently I use v4.23.0.
Anoop K V
12/17/2022, 10:10 AM
Reza Kazemy
12/19/2022, 9:59 AM
Reza Kazemy
12/19/2022, 9:59 AM
J.R. Murray
12/21/2022, 8:32 PM
osqueryi --nodisable_audit --nodisable_events --audit_allow_config=true --audit_persist=true --audit_allow_sockets etc etc) without having osqueryctl installed? We have the fleetctl agent with the osquery package (without Fleet Desktop) installed on Linux servers, Amazon Linux 2.
J.R. Murray
12/21/2022, 8:33 PM
Arsenio
12/22/2022, 3:06 PM
wennan.he
12/23/2022, 1:14 AM
zwass
zwass
mikermcneil
12/23/2022, 3:45 PM
peanut butter
12/26/2022, 12:02 PM