https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
j

Jacob Kitchel

07/16/2021, 3:16 PM
Next question: what is the expected output of osqueryctl config-check? my config loads successfully and osqueryd starts up, gets a pid, etc. and shows query packs loaded, etc. However, when I do an osqueryctl config-check I get a bunch of RocksDB [WARN] errors (samples attached in thread)
Copy code
I0716 09:58:22.922930  4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Persisting Option File error: OK
I0716 09:58:22.923086  4111 rocksdb.cpp:149] Rocksdb open failed (5:0) IO error: While lock file: /var/osquery/osquery.db/LOCK: Resource temporarily unavailable
I0716 09:58:23.125308  4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Persisting Option File error: OK
I0716 09:58:23.125838  4111 rocksdb.cpp:149] Rocksdb open failed (5:0) IO error: While lock file: /var/osquery/osquery.db/LOCK: Resource temporarily unavailable
I0716 09:58:23.327919  4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Persisting Option File error: OK
I0716 09:58:23.328378  4111 rocksdb.cpp:149] Rocksdb open failed (5:0) IO error: While lock file: /var/osquery/osquery.db/LOCK: Resource temporarily unavailable
I0716 09:58:23.530874  4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Persisting Option File error: OK
I0716 09:58:23.531320  4111 rocksdb.cpp:149] Rocksdb open failed (5:0) IO error: While lock file: /var/osquery/osquery.db/LOCK: Resource temporarily unavailable
I0716 09:58:23.733755  4111 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1805] Per
this does not seem to effect operation of osqueryd from what I can tell, but just trying to eliminate any potential sources of error, so trying to figure out if this is a thing that i need to fix a) now, b) near future, or c) ignore for a while
s

Stefano Bonicatti

07/16/2021, 3:18 PM
Is an instance of osquery running when 
osqueryctl
is launched?
j

Jacob Kitchel

07/16/2021, 3:56 PM
yes
s

Stefano Bonicatti

07/16/2021, 3:59 PM
That’s the problem, osqueryctl is a script that launches 
osquery
and only a single instance can get a hold of the db. You need to use it when osquery is not running for that.
👍 1
j

Jacob Kitchel

07/16/2021, 4:06 PM
ahhhhhhh, that makes total sense
thank you, again
44 Views
Powered by