Stefano Bonicatti
07/22/2021, 12:01 PM
--pidfile=<path>
Madhur Jodhwani
07/22/2021, 5:46 PM
Stefano Bonicatti
07/22/2021, 5:48 PM
sudo from the terminal to run it as root
Madhur Jodhwani
07/22/2021, 6:18 PM
E0722 23:47:56.249691 250744832 shutdown.cpp:75] [Ref #1382] osqueryd has unsafe permissions: /Users/mj/Desktop/osquery/build/osquery/osqueryd
Stefano Bonicatti
07/22/2021, 6:19 PM
--allow_unsafe to the command line when launching osquery. Normally, when deployed, osquery expects to be contained in a folder where only root has write access.
Madhur Jodhwani
07/22/2021, 7:28 PM
E0723 01:00:39.768704 376421888 shutdown.cpp:75] Cannot activate filesystem logger plugin: Could not create file: /var/log/osquery/osqueryd.results.log
E0723 01:00:42.686159 39362560 shutdown.cpp:75] Worker returned exit status
Stefano Bonicatti
07/23/2021, 6:40 AM
--logger_path=<path>. The path in this case is of the folder where you want to put the logs.
Madhur Jodhwani
07/23/2021, 11:32 AM
I0723 17:01:56.780879 307543552 eventfactory.cpp:156] Event publisher not enabled: endpointsecurity: EndpointSecurity is disabled via configuration
I0723 17:01:56.781905 307543552 eventfactory.cpp:156] Event publisher not enabled: openbsm: Publisher disabled via configuration
I0723 17:01:56.781971 307543552 eventfactory.cpp:156] Event publisher not enabled: scnetwork: Publisher not used
I0723 17:01:56.782012 307543552 eventfactory.cpp:156] Event publisher not enabled: event_tapping: Publisher disabled via configuration
Stefano Bonicatti
07/23/2021, 11:33 AM
E not I. They are just informing you that those event publishers are not enabled.
Madhur Jodhwani
07/23/2021, 11:34 AM
Stefano Bonicatti
07/23/2021, 11:34 AM
Madhur Jodhwani
07/23/2021, 11:35 AM
Stefano Bonicatti
07/23/2021, 11:41 AM
/dev/null