$ docker logs -f --tail 10 osctrl-nginx 172.26.0.1 - - [14/May/2020:08:15:34 +0000] "GET /login HTTP/1.1" 200 9335 "https://localhost:8443/enroll/remote-ver" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-" 172.26.0.1 - - [14/May/2020:08:15:34 +0000] "GET /login HTTP/1.1" 200 9335 "https://localhost:8443/enroll/remote-ver" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-" 172.27.0.3 - - [14/May/2020:08:15:37 +0000] "POST /dev/read HTTP/1.1" 200 52 "-" "osquery/4.2.0" "-" 172.27.0.3 - - [14/May/2020:08:15:42 +0000] "POST /dev/read HTTP/1.1" 200 52 "-" "osquery/4.2.0" "-" 172.27.0.3 - - [14/May/2020:08:15:48 +0000] "POST /dev/read HTTP/1.1" 200 52 "-" "osquery/4.2.0" "-" 172.27.0.3 - - [14/May/2020:08:15:53 +0000] "POST /dev/read HTTP/1.1" 200 52 "-" "osquery/4.2.0" "-" 172.27.0.3 - - [14/May/2020:08:15:58 +0000] "POST /dev/read HTTP/1.1" 200 52 "-" "osquery/4.2.0" "-" 172.27.0.3 - - [14/May/2020:08:16:03 +0000] "POST /dev/read HTTP/1.1" 200 52 "-" "osquery/4.2.0" "-" 10.10.11.89 - - [14/May/2020:08:16:07 +0000] "GET /remote-ver/1btG0jnw9basCXWVvyiWKhhdUfk/enroll.sh HTTP/1.1" 200 0 "-" "curl/7.58.0" "-" 172.27.0.3 - - [14/May/2020:08:16:09 +0000] "POST /dev/read HTTP/1.1" 200 52 "-" "osquery/4.2.0" "-" 172.27.0.3 - - [14/May/2020:08:16:14 +0000] "POST /dev/read HTTP/1.1" 200 52 "-" "osquery/4.2.0" "-" 10.10.11.89 - - [14/May/2020:08:16:18 +0000] "GET /remote-ver/1btG0jnw9basCXWVvyiWKhhdUfk/enroll.sh HTTP/1.1" 200 0 "-" "curl/7.58.0" "-" 10.10.11.156 - - [14/May/2020:08:16:19 +0000] "GET /json/stats/environment/dev HTTP/1.1" 200 35 "https://10.10.11.156:8443/enroll/remote-ver" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-" 10.10.11.156 - - [14/May/2020:08:16:19 +0000] "GET /json/stats/platform/ubuntu HTTP/1.1" 200 35 "https://10.10.11.156:8443/enroll/remote-ver" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-" 10.10.11.156 - - [14/May/2020:08:16:19 +0000] "GET /json/stats/environment/remote-ver HTTP/1.1" 200 35 "https://10.10.11.156:8443/enroll/remote-ver" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537 $ docker logs -f --tail 10 osctrl-api utils.go:38: Refreshing settings... utils.go:27: Refreshing environments... utils.go:38: Refreshing settings... utils.go:27: Refreshing environments... utils.go:27: Refreshing environments... utils.go:38: Refreshing settings... utils.go:27: Refreshing environments... utils.go:38: Refreshing settings... utils.go:27: Refreshing environments... utils.go:38: Refreshing settings... $ docker logs -f --tail 10 osctrl-tls handlers.go:523: Invalid Path handlers.go:523: Invalid Path handlers.go:523: Invalid Path dispatch.go:15: error updating metadata getNodeByUUID record not found dispatch.go:31: error refreshing last result getNodeByUUID record not found dispatch.go:15: error updating metadata getNodeByUUID record not found dispatch.go:26: error refreshing last status getNodeByUUID record not found handlers.go:523: Invalid Path utils.go:45: Refreshing environments... utils.go:56: Refreshing settings... handlers.go:523: Invalid Path $ docker logs -f --tail 10 osctrl-admin main.go:279: Loading service settings settings.go:390: SetString 0.0.0.0 admin json_listener settings.go:390: SetString 9001 admin json_port settings.go:390: SetString localhost admin json_host settings.go:390: SetString db admin json_auth settings.go:390: SetString db admin json_logging main.go:284: Loading service metrics main.go:498: osctrl-admin v0.2.1 - HTTP listening 0.0.0.0:9001 settings.go:324: SetInteger 60 tls refresh_envs settings.go:324: SetInteger 60 tls refresh_settings # curl -v -sk https://10.10.11.156/remote-ver/1btG0jnw9basCXWVvyiWKhhdUfk/enroll.sh | sh * Trying 10.10.11.156... * TCP_NODELAY set * Connected to 10.10.11.156 (10.10.11.156) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs } [5 bytes data] * TLSv1.3 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * TLSv1.3 (IN), TLS handshake, Server hello (2): { [108 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [564 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [172 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [37 bytes data] * TLSv1.2 (OUT), TLS change cipher, Client hello (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: CN=osctrl-nginx * start date: May 14 03:50:42 2020 GMT * expire date: May 14 03:50:42 2021 GMT * issuer: CN=osctrl-nginx * SSL certificate verify result: self signed certificate (18), continuing anyway. } [5 bytes data] > GET /remote-ver/1btG0jnw9basCXWVvyiWKhhdUfk/enroll.sh HTTP/1.1 > Host: 10.10.11.156 > User-Agent: curl/7.58.0 > Accept: */* > { [5 bytes data] < HTTP/1.1 200 OK < Server: nginx/1.13.5 < Date: Thu, 14 May 2020 08:19:19 GMT < Content-Length: 0 < Connection: keep-alive < Expires: Thu, 14 May 2020 08:19:18 GMT < Cache-Control: no-cache < Strict-Transport-Security: max-age=63072000; includeSubdomains < X-Frame-Options: DENY < Cache-Control: no-cache, no-store < Pragma: no-cache < * Connection #0 to host 10.10.11.156 left intact