search

zentralopensource / zentral

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.
https://www.zentral.com
Other
753 stars 82 forks source link

add_probe_feed warnings about missing "queries" key #38

Open zbuc opened 7 years ago

zbuc commented 7 years ago

When importing feeds, I see warnings about the "queries" key not being present.

The key is present, however, and this doesn't seem to present an issue -- all the feeds are imported as expected.

This can be replicated against one of the example feeds:

zentral@1ed956dcdc6a:/zentral$ python server/manage.py add_probe_feed https://raw.githubusercontent.com/zentralopensource/zentral-feeds/master/demo/osquery.json
2017-06-02 19:10:26,627 PID343 feeds WARNING Feed serializer <class 'zentral.contrib.osquery.feeds.PackSerializer'> errors
2017-06-02 19:10:26,628 PID343 feeds WARNING {'queries': ['This field is required.']}
2017-06-02 19:10:26,786 PID343 feeds WARNING Feed serializer <class 'zentral.contrib.osquery.feeds.PackSerializer'> errors
2017-06-02 19:10:26,786 PID343 feeds WARNING {'queries': ['This field is required.']}
Feed https://raw.githubusercontent.com/zentralopensource/zentral-feeds/master/demo/osquery.json synced.
Probes created: 6.
np5 commented 7 years ago

When we import a feed, we try 2 different serializer classes. We first try to read it as an osquery pack, and then, because it doesn't work, as a zentral feed. The warnings show that the feed is not a valid osquery pack. We should maybe not display them (we don't show them in the web interface).