I am currently trying to use osquery to produce data into Kafka as a producer and I get an error 'could not autoload extensions: failed reading...'
robbie
02/13/2020, 6:39 PM
Hey there! Has anybody run into the osqueryd worker no longer sending results via TLS a few minutes after the watchdog blacklists one of them? I get a "scheduled query may have failed," then ~10 minutes later, osquery stops attempting to hit any endpoint except /distributed/read.
I think this is probably a problem with my osquery worker, not the tls plugin – but I figured I would start here.
Avinash. B
04/10/2020, 11:19 AM
This is my config. Please tell me if there is something wrong here...
It’s mainly a performance issue: the extensions API requires a bit of serialization and deserialization, and the rate of publishing events can be intense.
Bradley Kemp
09/09/2020, 3:37 PM
Things like DNS query or TLS SNI sniffing. Both of which I’ve as patches to osquery that have rightly been rejected because doing packet parsing in a non-memory-safe language unless you really know what you’re doing is a bad idea…
These both generate lots of rows, though, so they would be a good fit for an events table.