  • demonbhao

    1 year ago
    Hello, I found through the log that my osquery difference detection memory sends a log every 7 days. From the feedback of the log, it seems that the information previously queried by osquery has been deleted within 7 days. Is this caused by a problem with RocksDB within my osquery?
    Does this mean that something is wrong with my RocksDB?
  • theopolis

    1 year ago
    I don’t think config-check works well if osquery is running. The issue is that only one osquery process can access RocksDB, so if you have one running then the second (the config-check process) will give you warnings like above. So this doesn’t indicate a root cause for the 0 counter you referenced above.
    The backing storage (RocksDB) could be an issue. This happens exactly every 7 days? Are there any cleanup scripts that you’ve added to delete RocksDB files?
    What version of osquery is this?
  • demonbhao

    1 year ago
    Hello, I checked that there is no scheduled task for deleting RocksDB files on the server. My osquery version is 4.6.0.
    I also found the situation of other counts, as shown below