Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
j
Jacob Kitchel
07/16/2021, 3:16 PMNext question: what is the expected output of osqueryctl config-check? my config loads successfully and osqueryd starts up, gets a pid, etc. and shows query packs loaded, etc. However, when I do an osqueryctl config-check I get a bunch of RocksDB [WARN] errors (samples attached in thread)
I0716 09:58:22.922930 4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Persisting Option File error: OK
I0716 09:58:22.923086 4111 rocksdb.cpp:149] Rocksdb open failed (5:0) IO error: While lock file: /var/osquery/osquery.db/LOCK: Resource temporarily unavailable
I0716 09:58:23.125308 4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Persisting Option File error: OK
I0716 09:58:23.125838 4111 rocksdb.cpp:149] Rocksdb open failed (5:0) IO error: While lock file: /var/osquery/osquery.db/LOCK: Resource temporarily unavailable
I0716 09:58:23.327919 4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Persisting Option File error: OK
I0716 09:58:23.328378 4111 rocksdb.cpp:149] Rocksdb open failed (5:0) IO error: While lock file: /var/osquery/osquery.db/LOCK: Resource temporarily unavailable
I0716 09:58:23.530874 4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Persisting Option File error: OK
I0716 09:58:23.531320 4111 rocksdb.cpp:149] Rocksdb open failed (5:0) IO error: While lock file: /var/osquery/osquery.db/LOCK: Resource temporarily unavailable
I0716 09:58:23.733755 4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Perthis does not seem to effect operation of osqueryd from what I can tell, but just trying to eliminate any potential sources of error, so trying to figure out if this is a thing that i need to fix a) now, b) near future, or c) ignore for a while
s
Stefano Bonicatti
07/16/2021, 3:18 PMIs an instance of osquery running when
osqueryctlj
Jacob Kitchel
07/16/2021, 3:56 PMyes
s
Stefano Bonicatti
07/16/2021, 3:59 PMThat’s the problem, osqueryctl is a script that launches
osquery👍 1
j
Jacob Kitchel
07/16/2021, 4:06 PMahhhhhhh, that makes total sense
thank you, again