Channels
David J Davis
1 year agoHaving an issue getting osquery to work as a service on Windows, works fine if I run it myself on the same machine, same config files, same invocation. When running as a service it doesn't report to our FleetDM server, when I run it manually it reports fine and you can query it fine from FleetDM.
Mike Myers
1 year agoany clues if you look at the
log in Windows EventViewer? Like filtering for "Service Control Manager."System
CptOfEvilMinions
1 year ago@David J Davis I would also try deleting the Osquery DB and Osquery logs. I've had issues where Osquery doesn't have the proper permissions to access/modify these files and fails to load.David J Davis
1 year agoNot really, see a few that osquery stopped unexpectedly and a few other old ones, but those were probably when I was messing around with it, I just restarted it and don't see any errors from the Service Control Manager.Mike Myers
1 year agoYea, I've also heard of Windows being configured via group policy to disallow a user to spawn processes as services
when you run it yourself manually are you running it as a service too?David J Davis
1 year agoI wasn't, I just tried running it from the command line with the --D option and it works, still no luck with it as a service even after a reinstall.
It still works with the --D optionMike Myers
1 year agoNot sure what to try next, but, https://github.com/osquery/osquery/blob/master/tools/manage-osqueryd.ps1 this Powershell script might let you test manually kicking off the service and uninstall/reinstall the service to see if something fixes it.
View count: 3