Channels
- d
demonbhao
1 year agoHello This problem that there will be two processes to launch osquery service has been bothering me for a long time. Is there any good solution? I have tried all the information I found on the Internet, but I still can't solve this error - a
alessandrogario
1 year agoosqueryd will always appear twice due to the watchdog (see https://osquery.readthedocs.io/en/stable/installation/cli-flags/)
making a copy of the process to monitor itself
could it be a permission issue on the db folder?; you can try three things1. sudo rm -rf /var/osquery/osquery.db 2. attempt to fix permissions with sudo chmod/chown -R /var/osquery/osquery.db (I don't know what the correct permissions are right now, but you can make sure write access is provided to the user running osqueryd) 3. attempt to use another path for the database (is /var a standard filesystem?). You can try with --database_path=/root/test_osquery_database 
theopolis
1 year agoIt looks like everything is running fine on your machine. Look at the systemctl output, it lists both osquery processes as being part of the unit.- a
alessandrogario
1 year agoRight, disregard my comment; the
is the additional process trying to access a database that is already in use by the running instace. Everything looks fine thenosqueryd --config_check
uhm not sure if --config_check should have special handling to ignore the database or not; you can maybe try with --disable_database=true if you just want to check whether the config is good theopolis
1 year agoYeah good question, it’s difficult because most folks will get their config from a remote host and will need keys/etc from the DB.
View count: 1