Hi team! I uninstalled osquery `brew remove --cask...
# macos
r
Hi team! I uninstalled osquery `brew remove --cask osquery` and reinstalled it, trying both pkg from GitHub and `brew install --cask osquery` but nothing is working. It's indeed installed but when running `osqueryi` I get `zsh: command not found: osqueryi` ... Any idea? I'm on a MacBook Pro M2 Max running macOS 14.6.1
s
Hi; it's very possible that you have a loose osquery.app in the filesystem and it's getting installed over that. You can check with `grep relocated /var/log/install.log` and see if osquery has been relocated. Related issue: https://github.com/osquery/osquery/issues/7900
r
Could it be related to the fact I had the orbit fleet package installed?
s
likely yes
r
Should I reinstall with the orbit package to make it work?
s
I mean remove "likely", Fleet does install osquery already on your system through Orbit, so the two installs will collide like that. That being said, if you already have Orbit and such installed, you can use whatever they have installed. Or if you want a specific version, you can also just download the bare binary. Installation isn't really needed, it just brings a couple of files.
> Should I reinstall with the orbit package to make it work?
You probably want to ensure you have the version Fleet expects installed, yeah.
r
Perfect! Thank you so much @Stefano Bonicatti!!!
I was not able to make `osqueryi` work in any way... Is there a way to fully remove osquery, orbit and everything related from my device and start from scratch?
s
For orbit I would direct you to #C01DXJL16D8. For osquery installed as standalone, you have to stop the service, if any, and remove files manually: https://osquery.readthedocs.io/en/latest/installation/install-macos/#removing-osquery