https://github.com/osquery/osquery logo
Join Slack
Powered by
Prior to enabling the `process_events` table, this...
# general
t
Prior to enabling the 
process_events
table, this code worked:
Copy code
import osquery
import os


def main():
    extension_path = os.path.expanduser('~/.osquery/shell.em')
    instance = osquery.ExtensionClient(extension_path)
    instance.open()

    client = instance.extension_client()
    response = client.query('select * from processes')
    for row in response.response:
        print(row)


if __name__ == "__main__":
    main()
Error:
Copy code
Could not connect to any of ['/home/user/.osquery/shell.em']
Traceback (most recent call last):
  File "test.py", line 20, in <module>
    main()
  File "test.py", line 14, in main
    response = client.query('select * from processes')
  File "/usr/local/lib/python3.6/dist-packages/osquery/extensions/ExtensionManager.py", line 181, in query
    self.send_query(sql)
  File "/usr/local/lib/python3.6/dist-packages/osquery/extensions/ExtensionManager.py", line 190, in send_query
    self._oprot.trans.flush()
  File "/usr/local/lib/python3.6/dist-packages/thrift/transport/TTransport.py", line 179, in flush
    self.__trans.write(out)
  File "/usr/local/lib/python3.6/dist-packages/thrift/transport/TSocket.py", line 149, in write
    message='Transport not open')
thrift.transport.TTransport.TTransportException: Transport not open
3 Views
Open in Slack
PreviousNext
Powered by