Channels
  • Dan Achin

    Dan Achin

    1 year ago
    Hey everyone. I'm noticing that Fleet isn't reflecting updates to client versions. I've updated 4 clients from 4.5.1 to 4.7.0 but Fleet still shows them at 4.5.1. Even more interesting, if I run
    select * from osquery_info;
    from Fleet as a distributed query, the results show 4.5.1, but when I run it on the servers themselves via osqueryi, I see 4.7.0. Is there a trick to get Fleet to update?
  • zwass

    zwass

    1 year ago
    Yep, Fleet only updates details every hour by default (configurable: https://github.com/fleetdm/fleet/blob/master/docs/2-Deployment/2-Configuration.md#osquery_detail_update_interval), so it ought to catch up soon. We've been thinking about adding a manual update button for instances like this.
  • Dan Achin

    Dan Achin

    1 year ago
    Ah, thanks @zwass. I actually updated these last week. 😞
  • zwass

    zwass

    1 year ago
    Oh wait, just re-read your question
    If your live query returns 4.5.1 that means your osqueryd is still running 4.5.1
    As in, osqueryi is running a different binary than your currently running and enrolled osqueryd.
  • Dan Achin

    Dan Achin

    1 year ago
    i see. so maybe our upgrade didn't restart the service
    ok
    I noticed also that the 4.7.0 version of osquery we pulled has the .linux suffix but 4.5.1 doesn't. do you happen to know if that's expected?
  • zwass

    zwass

    1 year ago
    You'll need to ask in #general about that. I know there are ongoing changes to the build system and I could imagine such changes resulting.
  • Dan Achin

    Dan Achin

    1 year ago
    cool, will do. just thought maybe you knew