https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
l

Loqpa

04/01/2019, 10:06 AM
Hello everyone! I seem to have problem with 
syslog
table not being populated. I followed steps in issue #1964 and i can see 
logger
output in 
cat
. My version is 3.3.2 (from apt get) Here is the snippet:
z

zwass

04/01/2019, 8:33 PM
Have you tried the debugging steps here? https://github.com/facebook/osquery/issues/1964
l

Loqpa

04/02/2019, 7:19 AM
Yep, i did. There are no errors in verbose mode output. 
rsyslogd
is able to write to the pipe (i saw logger output in another shell with cat) What would you recommend to try next?
z

zwass

04/02/2019, 4:25 PM
Is anything else listening to the pipe? 
cat
in another shell? Another osquery process?
y

ycpr

04/11/2019, 10:33 AM
I've got the same issue. No other processes apart of 
osqueyi
and 
rsyslogd
are listening to the pipe but 
select * from syslog_events
returns nothing. If I cat the pipe its' output is not empty though.
syslog_pipe.txt
l

Loqpa

04/11/2019, 3:13 PM
@zwass so, if i get things right issue #4810 is where the problem was discovered. Do you think we can fix this issue by applying commit #5232 to the current state?
z

zwass

04/12/2019, 3:12 PM
It seems some folks are having success by patching the code. I would give #5232 a shot.
3 Views
Powered by