Hello, I found through the log that my osquery dif...
# generald
demonbhao
03/30/2021, 10:10 AMHello, I found through the log that my osquery difference detection memory sends a log every 7 days. From the feedback of the log, it seems that the information querying by osquery before has been deleted within 7 days. Is this caused by the problem of RocksDB within my osquery?
demonbhao
03/30/2021, 10:24 AMDoes this mean that something is wrong with my RocksDB?
t
theopolis
03/31/2021, 2:07 PM
I don’t think config-check works well if osquery is running. The issue is that only one osquery process can access RocksDB, so if you have one running then the second (the config-check process) will give you warnings like above.
So this doesn’t indicate a root cause for the 0 counter you referenced above.
theopolis
03/31/2021, 2:09 PM
The backing storage (RocksDB) could be an issue. This happens exactly every 7 days? Is there any clean up scripts that you’ve added to delete RocksDB files?
theopolis
03/31/2021, 2:09 PM
What version of osquery is this?
d
demonbhao
04/01/2021, 6:32 AMHello, I checked that there is no scheduled task for deleting rocksdb files on the server. My osquery version is 4.6.0
demonbhao
04/01/2021, 6:34 AMI also found the situation of other counts, as shown below
demonbhao
04/01/2021, 6:36 AMWhen I stop the osquery service and use config-check again, the results are as follows
4 Views