  • Zach Zeid

    2 years ago
    I'm trying to troubleshoot whether or not osquery is sending info to a Kinesis stream, but there doesn't appear to be anything in /var/log/osquery. Running the osqueryd command with --ephemeral doesn't clearly say there is anything wrong, but it seems to choke on loading extensions and creating a socket. Is that expected behavior?
  • zwass

    2 years ago
    That can be expected if the extensions autoload file doesn't exist and/or the process doesn't have permissions to create the socket.
    I would try running your exact same osqueryd command with --verbose added and see what the output looks like.
    Consider making --logger_plugin=aws_kinesis,filesystem so that you get logging also to the filesystem.
  • Zach Zeid

    2 years ago
    So that means that an extensions file needs to exist somewhere? I don't see a reference in the docs.
  • zwass

    2 years ago
    It doesn't need to, you'll just get an error about autoloading extensions if it doesn't.