falloner
01/30/2017, 7:52 PM
thor
thor
1.) sc.exe stop osqueryd
2.) sc.exe delete osqueryd
3.) sc.exe create osqueryd type= own start= auto error= normal binpath= "C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile=\ProgramData\osquery\osquery.flags" displayname= 'osqueryd'
Alternatively, we bundle a helper script you can make use of, manage-osqueryd.ps1, but I haven't made heavy use of it and I'm not sure how to use it to install the service. Lastly, you can install the service via a Chocolatey install with choco install osquery --params='/InstallService'
thor
osquery.flags and osquery.conf?
thor
osquery\log?
OpenPlgx
09/22/2017, 12:44 PM
zwass
Severity Code Description Project File Line Suppression State
Error C2220 warning treated as error - no 'object' file generated osquery_events C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\xutility 2372
Warning C4996 'std::copy::_Unchecked_iterators::_Deprecate': Call to 'std::copy' with parameters that may be unsafe - this call relies on the caller to check that the passed values are correct. To disable this warning, use -D_SCL_SECURE_NO_WARNINGS. See documentation on how to use Visual C++ 'Checked Iterators' osquery_events C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\xutility 2372
Error C2220 warning treated as error - no 'object' file generated osquery_logger_plugins C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\xutility 2983
Warning C4996 'std::equal::_Unchecked_iterators::_Deprecate': Call to 'std::equal' with parameters that may be unsafe - this call relies on the caller to check that the passed values are correct. To disable this warning, use -D_SCL_SECURE_NO_WARNINGS. See documentation on how to use Visual C++ 'Checked Iterators' osquery_logger_plugins C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\xutility 2983
Error C2220 warning treated as error - no 'object' file generated osquery_aws_util C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\xutility 2983
thor
msbuild to compile the extension with msbuild osquery.sln /p:Configuration=Release /p:PlatformType=x64 /p:Platform=x64 /t:external_extension_test /m /v:m after I have invoked the VC Build tools with Invoke-BatchFile "$env:VS140COMNTOOLS\..\..\vc\vcvarsall.bat" amd64
thor
Multi Threaded (MT) for all projects you're building
thor
thor
thor
.\tools\make-win64-dev-env.bat script? We've had numerous changes to the provisioning env and build system recently.
thor
theopolis
clippy
11/20/2017, 8:40 PM
clippy
12/04/2017, 1:32 AM
thor
Kemal
02/09/2018, 12:09 PM
clong
02/16/2018, 1:14 AM
thor
systemLog on Windows just drops logs to the floor, until we can sort out a better way of doing things? Or would folks rather we live with this bug for a bit and find a way to make the WEL logger plugin link against core?
thor
j
03/08/2018, 1:25 AM
thor
OpenPlgx
03/30/2018, 8:09 AM
666reda
04/10/2018, 3:23 PM
clippy
04/10/2018, 6:07 PM
# Stop the service before replacing its secret and flags files
Stop-Service -Name "osqueryd"

# Rewrite the enroll secret file
$secret_filename = "c:\ProgramData\osquery\osquery.secret"
$secret_content = "example-secret"
if (Test-Path -Path $secret_filename) {
    Remove-Item $secret_filename
    Write-Host "Removed Secrets file"
}
[IO.File]::WriteAllLines($secret_filename, $secret_content)

# Rewrite the default flags file with the TLS enrollment settings
$default_flagpath = "C:\ProgramData\osquery\osquery.flags.default"
if (Test-Path -Path $default_flagpath) {
    Remove-Item -Path $default_flagpath
    Write-Host "Removed default flags file"
}
$content = "--config_plugin=tls
--enroll_secret_path=C:\Programdata\osquery\osquery.secret
--enroll_tls_endpoint=/node/enroll
--config_tls_endpoint=/node/configure
--tls_hostname=example.domain.endpoint.com
--config_refresh=300
--config_tls_accelerated_refresh=300
--config_tls_max_attempts=9999"
[IO.File]::WriteAllLines($default_flagpath, $content)

# Replace osquery.flags with a symbolic link to the default flags file
$flagpath = "c:\ProgramData\osquery\osquery.flags"
if (Test-Path -Path $flagpath) {
    Remove-Item -Path $flagpath
    Write-Host "Removed flags file"
}
New-Item -Path C:\ProgramData\osquery\osquery.flags -ItemType SymbolicLink -Value C:\ProgramData\osquery\osquery.flags.default

Start-Service -Name "osqueryd"
5twenty9
04/24/2018, 11:46 PM
thor
lvferdi
04/26/2018, 3:58 PM
thor