Joshua Schmitt
01/29/2019, 5:44 PM
socket_events table to work.
Getting this in the log:
I0129 11:40:08.287317 8774 socket_events.cpp:187] Malformed syscall event. The saddr field in the AUDIT_SOCKADDR record could not be parsed: "00000000000000000000000000000000"
sean.cavanaugh
01/30/2019, 3:23 PM
nick
01/31/2019, 9:59 AM
shell_history table only returns logs for the root user?
ccc
01/31/2019, 6:33 PM
SELECT * FROM users JOIN chrome_extensions USING (uid);
works and returns the list of extensions, but
SELECT * FROM users JOIN chrome_extensions USING (uid) WHERE identifier='gkojfkhlekighikafcpjkiklfbnlmeio';
returns empty even though it's there
clong
02/01/2019, 9:51 PM
zwass
sttor
02/03/2019, 2:30 PM
szippy
02/05/2019, 4:58 PM
packetzero
02/08/2019, 2:50 PM
Evgeny Sidorov
02/13/2019, 6:32 PM
master branch completely deprecated and I need to rebase everything to experimental?
Alex Stephen
02/14/2019, 2:43 AM
osquery/remote/request.h and osquery/remote/http_client.h contains the classes for making HTTP requests. Does Client() have support for setting custom HTTP headers?
Johan Edholm
02/15/2019, 12:25 PM
alessandrogario
packetzero
02/19/2019, 3:16 PM
packetzero
02/19/2019, 3:12 PM
packetzero
02/19/2019, 11:00 PM
Johan Edholm
02/20/2019, 10:43 AM
nebi
02/20/2019, 9:12 PM
process_namespaces like this select * from process_namespaces
some of the processes do not have pid_namespaces even pid1 does not have pid_namespace. Is this normal?
arimb00r
02/21/2019, 6:52 AM
nebi
02/22/2019, 7:59 AM
Persistent SOC
02/25/2019, 3:59 PM
thor
arimb00r
02/26/2019, 6:36 AM
fr1day
02/27/2019, 10:21 AM
make package, the errors are as follows:
-- Build files have been written to: /tmp/tmp.UyM6oIRYp4
make[2]: *** No rule to make target `osquery/osqueryd', needed by `CMakeFiles/packages'. Stop.
make[1]: *** [packages/fast] Error 2
make: *** [package] Error 2
Has anyone encountered this problem?
defensivedepth
02/28/2019, 4:31 PM
Dschm2055
03/01/2019, 9:18 PM
soumitr
03/05/2019, 10:45 PM
select * from augeas where path = '/etc/sssd/sssd.conf'
I can get other config files to parse (ssh config, hosts etc.) but not this one, any ideas on how I could proceed?
stell
03/06/2019, 7:38 AM
vivek
03/06/2019, 1:48 PM
seph