hey folks, I am newbie in osquery. Our team runs osquery daemon on the computers with installed Cent OS. We have some golang app which is running in the docker container and connecting to osquery using osquery socket file. And we found the issue that after reboot of the computer we can't get records from the

hardware_events

table using our golang app, But if we run the same query via

osqueryi

- it returns such events. In the golang app it just returns empty response. This issues stops to be reproducible after I restart osquery daemon - but this trick doesn't always help. I can't see any specific errors in the logs. could somebody help to troubleshoot this issue?

I suppose it could be issue with

osquery-go

client library. Does somebody know how can I send command directly to execute the query to osquery socket file using for example netcat?

Hi All, I was trying to build the osquery from the source and installing in the different directory in Ubuntu. It seems like CMAKE_PACKAGING_INSTALL_PREFIX is not used anywhere in the project. osquery CMake Warning: Manually-specified variables were not used by the project: _CMAKE_PACKAGING_INSTALL_PREFIX_ CMAKE _cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo \_ _-DCPACK_GENERATOR=TGZ \_ _-DOSQUERY_PACKAGE_VERSION=5.2.3 \_ _-DOSQUERY_DATA_PATH=/home/vagrant/osquery/build/package_data \_ _-DCMAKE_INSTALL_PREFIX='/opt/hello' \_ _-DOSQUERY_SOURCE_DIRECTORY_LIST='osquery-src-path;osquery-build-path' \_ ../osquery-packaging Am i the only getting this?

HI All, I just want to know if fleet is open sourced for commercial use?

what is the oldest version of osquery that supports windows server 2022

Hello All, I wanted to know if there is any way to obtain CPU usage in Windows using osquery?

Hello, OSQuery team, I found the 5.8.1 is in pre-release status for about two weeks. https://github.com/osquery/osquery/releases/ May I know when the build will be ready for formal Release? Thanks a lot!

Hi @alessandrogario, Could you please give some schedule regarding the release time? Thanks a lot!

I’m pleased to announce osquery 5.8.1 is stable! Release notes and website updates coming soon

Thanks a lot, @seph!

Anyone know if there is an

rpm --verify

type of capability with OSQuery? I think not but maybe I’m missing a way to do this. Could be a good first contribution task for me 🤔 http://ftp.rpm.org/max-rpm/ch-rpm-verify.html

[osquery:master] 1 new commit by bgirardeau-figma:

<https://github.com/osquery/osquery/commit/ba4f8581f579c698b62adc426130ed8f45fe4667|ba4f858>

Fix username field for managed_policy table (#7944) - bgirardeau-figma

Hi osquery team, could u suggest the err "database or disk is full" I c return by query "select * from listening_ports, process_open_sockets;"

when i add host to fleet server i got an error "localhost.localdomain fleet[6390]: 2023/03/20 133956 http: TLS handshake error from 172.16.1.10644924 remote error: tls: bad certificate".

Hi there, this might be an obvious question, but I was wondering where osquery gets the

uuid

field from on Windows, as part of the

osquery_info

table? https://github.com/osquery/osquery/blob/ba4f8581f579c698b62adc426130ed8f45fe4667/specs/utility/osquery_info.table#L5 Does it come from here? https://github.com/osquery/osquery/blob/ba4f8581f579c698b62adc426130ed8f45fe4667/osquery/core/system.cpp#LL141C28-L141C55

could someone help on https://osquery.slack.com/archives/C08V7KTJB/p1679187767332909?

[osquery:master] 1 new commit by seph:

<https://github.com/osquery/osquery/commit/954159fbfc3a385887ba73861fa62dc9f42500c9|954159f>

CHANGELOG 5.8.1 (#7957) - seph

[osquery:master] 1 new commit by Marcos Oviedo:

<https://github.com/osquery/osquery/commit/c9a72f7ba2d2c5fb92467cd510fb73844eef3d19|c9a72f7>

Setting COM security per interface level instead of using CoInitializeSecurity (#7963) - Marcos Oviedo

[osquery:master] 1 new commit by bgirardeau-figma:

<https://github.com/osquery/osquery/commit/fa315834892682b009316538ce95ac53663f965a|fa31583>

Fix empty results in batch logs (#7958) - bgirardeau-figma

[osquery:master] 1 new commit by Stefano Bonicatti:

<https://github.com/osquery/osquery/commit/31697479247e82d1f159639745cc83b9dad94a61|3169747>

tests: Do not always build root tests on Linux (#7966) - Stefano Bonicatti

[osquery:master] 1 new commit by Stefano Bonicatti:

<https://github.com/osquery/osquery/commit/4b4f38c638e178a428378602cc5b844296bd95d4|4b4f38c>

test: Fix SystemdUnitsTest missing the unit_file_state column (#7965) - Stefano Bonicatti

[osquery:master] 1 new commit by Stefano Bonicatti:

<https://github.com/osquery/osquery/commit/b8d1c2071c25865706f891d1c45bde8612ba883f|b8d1c20>

tests: Fix some tests becoming osquery shells (#7964) - Stefano Bonicatti

[osquery:master] 1 new commit by Alessandro Gario:

<https://github.com/osquery/osquery/commit/f9163109e297caa2a328ebef8818252e808202d9|f916310>

cmake: Only link against the experiments loader when needed (#7959) - Alessandro Gario

[osquery:master] 1 new commit by Stefano Bonicatti:

<https://github.com/osquery/osquery/commit/f7feecc120564d593126f75341c3af6b048a8b9a|f7feecc>

test: Do not always expect a row from the secureboot table (#7967) - Stefano Bonicatti

[osquery] New tag 5.8.2 was pushed by directionless

Hi! I am trying to figure out how to send data from FleetDM to Elastic in order to visualize it in Kibana.

👋 Hi everyone!

[osquery:master] 1 new commit by Stefano Bonicatti:

<https://github.com/osquery/osquery/commit/2593a62cf9b33ef2ae8401588a280628307cdbb0|2593a62>

ci: Update python version and docs build tools (#7969) - Stefano Bonicatti

Hi All, Has anyone notice an issue with the Osquery

iptables

virtual table returning nothing ? I've dug into the source code and have a potential theory why this issues exists, but also wanted to reach out here incase anyone has seen this "gotcha" ?

Hello everyone, Can we use regular expression in queries in fleet dm UI ?