Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
d
Dervon
04/20/2021, 9:14 AMCan someone help me - I continue to test Polylogyx. I can say that on lightly loaded systems it works fine and even better than sysmon or something else that I have tried. But on heavily loaded systems, when I started testing in production, I saw the problem. The server crashed after 20 hours of work with polylogyx agent, and was not available by any means until I rebooted it. In errors, I encountered the following events
@OpenPlgx Maybe you can help - I don’t know which way to dig anymore
o
OpenPlgx
04/20/2021, 9:35 AMCan you manually stop the services?
1. sc stop plgx_osqueryd
2. sc stop plgx_cpt
3. sc stop vast
4. sc stop vastnw
Ignore any failures..but verify that all the services have stopped by running "sc query <svc_name>"
You might have to wait 10-15 seconds..
once all the services are stopped, try running only "sc start plgx_osqueryd" and lets see if everything comes back to normal
d
Dervon
04/20/2021, 9:55 AMI had to reboot the server completely - since it did not answer and was not available on the Rdp
after reboot - all back to normal. But half hour ago - second server with DC role got the same problem
First server - 20 hours before crash
Second server ~ 21
@OpenPlgx maybe i can add this sequence for example to restart every 8 hours? maybe this can helpto avoid this problem. What you think?
o
OpenPlgx
04/20/2021, 1:35 PMthat can be one work around, yes
d
Dervon
04/20/2021, 2:52 PMthank you sir - i will try