seph
Chris Reisor
02/12/2021, 5:11 PM
osqueryctl clean, and start it up again, it registers fine. So something about the rocksdb is jamming up the tls server enrollment process.
defensivedepth
02/12/2021, 6:22 PM
windows_events table does not pull in the Computer field (I believe this is where it would be pulled out - https://github.com/osquery/osquery/blob/master/osquery/events/windows/windowseventlogparser.cpp#L145)
The Computer field is extremely important because it is the hostname of the system that the log was originally generated on - it's common to aggregate Windows eventlogs to a few Windows systems using Windows Eventlog Forwarding (WEF) and then ship those to the backend system using something like Winlogbeat/Osquery etc. Without the Computer field, the backend system has no idea of where the original log came from.
Further ref: https://docs.microsoft.com/en-us/windows/win32/wes/eventschema-computer-systempropertiestype-element
defensivedepth
02/16/2021, 7:02 PM
seph
Stefano Bonicatti
02/19/2021, 10:58 PM
ar p <package> debian-binary control.tar.gz data.tar.gz | gpg --verify _gpgorigin -
The signature matches with the osquery one, the only difference seems to be the date
Mike Myers
02/19/2021, 11:37 PM
seph
concat in
* https://github.com/osquery/osquery/pull/6780 Chrome Extensions had some requested changes, but I think those are now swept in
* https://github.com/osquery/osquery/pull/6957 I think this memory leak is worth grabbing
And anything else people want to get in
theopolis
theopolis
seph
seph
seph
seph
thor
Mike Myers
03/10/2021, 4:43 PM
Mike Myers
03/11/2021, 2:40 AM
--extensions_require and clarify what this flag is supposed to be doing? I think we've gotten confused about the intended purpose
seph
seph
seph
alessandrogario
theopolis
theopolis
503 Response object too large for https://pkg.osquery.io/rpm/osquery-debuginfo-4.6.0-1.linux.x86_64.rpm (and subsequently for 4.7.0) I suspect this is an issue with the new CDN
Mike Myers
03/15/2021, 6:59 AM
thor
theopolis
alessandrogario
seph
seph
puffycid
03/19/2021, 2:26 AM
PS C:\Users\bob\Projects\osquery\build> radare2.exe .\osquery\RelWithDebInfo\osqueryd.exe
-- Error: There's a missing space before the opening parenthesis '('
[0x1417b1910]> il
[Linked libraries]
shlwapi.dll
rpcrt4.dll
kernel32.dll
user32.dll
shell32.dll
ole32.dll
oleaut32.dll
advapi32.dll
ntdll.dll
ws2_32.dll
iphlpapi.dll
netapi32.dll
version.dll
wtsapi32.dll
secur32.dll
dbghelp.dll
dbgeng.dll
bcrypt.dll
crypt32.dll
wintrust.dll
setupapi.dll
userenv.dll
wevtapi.dll
23 libraries
sadly I'm not an expert in cmakelists ☹️, do I need to modify additional cmakelist files (or other files) in order for cabinet.dll/lib/header to be included in the final binary?
thanks!