plugins
  • y

    yuvalapidot

    03/08/2018, 9:11 AM
    Speaking of #osquery-go-distributed-read-plugin-implementation-questions 🙄, I am deploying osquery with Kolide on my team's endpoints (mostly windows machines). I am trying to perform distributed queries (from Kolide) - but can't receive any answer. Looking at the status logs - I see that for a long while the queried computers did not post to distributed/read, it is as if the distributed plugin crashed. Did anyone ever noticed such a problem? Yesterday it also happened, and only after few hours the osquery agent started posting to distributed/read again.
  • zwass

    zwass

    05/04/2018, 4:23 PM
    Enrollment is not mandatory for logger plugins. You can authenticate however you like.
  • k

    Kieran r

    01/14/2020, 6:39 PM
    I am currently trying to use osquery to produce data into Kafka as a producer and I get an error 'could not autoload extensions: failed reading...'
  • r

    robbie

    02/13/2020, 6:39 PM
    Hey there! Has anybody run into the osqueryd worker no longer sending results via TLS a few minutes after the watchdog blacklists one of them? I get a "scheduled query may have failed," then ~10 minutes later, osquery stops attempting to hit any endpoint except /distributed/read. I think this is probably a problem with my osquery worker, not the tls plugin – but I figured I would start here.
  • a

    Avinash. B

    04/10/2020, 11:19 AM
    This is my config. plz tell me if there is something wrong here...
  • s

    skydmh

    04/20/2020, 2:47 PM
    hello,does anybody tell me that the kafka_producer can be used to windows?
  • theopolis

    theopolis

    09/09/2020, 1:28 PM
    It’s mainly a performance issue, the extensions API requires a bit of serialization and deserialization and the rate of publishing events can be intense.
  • Bradley Kemp

    Bradley Kemp

    09/09/2020, 3:37 PM
    Things like DNS query or TLS SNI sniffing. Both of which I’ve as patches to OSQuery that have rightly been rejected because doing packet parsing in a non-memory safe language unless you really know what you’re doing is a bad idea… These both generating lots of rows though so would be a good fit for an events table